int main(int argc, char **argv) { BEGIN_TEST(); EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0)); EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0)); EXPECT_SUCCESS(s2n_init()); /* Client doens't use the server name extension. */ { struct s2n_connection *client_conn; struct s2n_connection *server_conn; struct s2n_config *server_config; s2n_blocked_status client_blocked; s2n_blocked_status server_blocked; int server_to_client[2]; int client_to_server[2]; /* Create nonblocking pipes */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); for (int i = 0; i < 2; i++) { EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1); } EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT)); EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1])); EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1])); EXPECT_NOT_NULL(server_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key)); EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config)); do { int ret; ret = s2n_negotiate(client_conn, &client_blocked); EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN)); ret = s2n_negotiate(server_conn, &server_blocked); EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN)); } while (client_blocked || server_blocked); /* Verify that the server didn't receive the server name. */ EXPECT_NULL(s2n_get_server_name(server_conn)); EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked)); EXPECT_SUCCESS(s2n_connection_free(client_conn)); EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked)); EXPECT_SUCCESS(s2n_connection_free(server_conn)); EXPECT_SUCCESS(s2n_config_free(server_config)); for (int i = 0; i < 2; i++) { EXPECT_SUCCESS(close(server_to_client[i])); EXPECT_SUCCESS(close(client_to_server[i])); } } /* Client uses the server name extension. */ { struct s2n_connection *client_conn; struct s2n_connection *server_conn; struct s2n_config *server_config; s2n_blocked_status client_blocked; s2n_blocked_status server_blocked; int server_to_client[2]; int client_to_server[2]; const char *sent_server_name = "awesome.amazonaws.com"; const char *received_server_name; /* Create nonblocking pipes */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); for (int i = 0; i < 2; i++) { EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1); } EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT)); EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1])); /* Set the server name */ EXPECT_SUCCESS(s2n_set_server_name(client_conn, sent_server_name)); EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1])); EXPECT_NOT_NULL(server_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key)); EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config)); do { int ret; ret = s2n_negotiate(client_conn, &client_blocked); EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN)); ret = s2n_negotiate(server_conn, &server_blocked); EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN)); } while (client_blocked || server_blocked); /* Verify that the server name was received intact. */ EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn)); EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name)); EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name)); EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked)); EXPECT_SUCCESS(s2n_connection_free(client_conn)); EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked)); EXPECT_SUCCESS(s2n_connection_free(server_conn)); EXPECT_SUCCESS(s2n_config_free(server_config)); for (int i = 0; i < 2; i++) { EXPECT_SUCCESS(close(server_to_client[i])); EXPECT_SUCCESS(close(client_to_server[i])); } } /* Client sends multiple server names. */ { struct s2n_connection *server_conn; struct s2n_config *server_config; s2n_blocked_status server_blocked; int server_to_client[2]; int client_to_server[2]; const char *sent_server_name = "svr"; const char *received_server_name; uint8_t client_extensions[] = { /* Extension type TLS_EXTENSION_SERVER_NAME */ 0x00, 0x00, /* Extension size */ 0x00, 0x0C, /* All server names len */ 0x00, 0x0A, /* First server name type - host name */ 0x00, /* First server name len */ 0x00, 0x03, /* First server name, matches sent_server_name */ 's', 'v', 'r', /* Second server name type - host name */ 0x00, /* Second server name len */ 0x00, 0x01, /* Second server name */ 0xFF, }; int client_extensions_len = sizeof(client_extensions); uint8_t client_hello_message[] = { /* Protocol version TLS 1.2 */ 0x03, 0x03, /* Client random */ ZERO_TO_THIRTY_ONE, /* SessionID len - 32 bytes */ 0x20, /* Session ID */ ZERO_TO_THIRTY_ONE, /* Cipher suites len */ 0x00, 0x02, /* Cipher suite - TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3C, /* Compression methods len */ 0x01, /* Compression method - none */ 0x00, /* Extensions len */ (client_extensions_len >> 8) & 0xff, (client_extensions_len & 0xff), }; int body_len = sizeof(client_hello_message) + client_extensions_len; uint8_t message_header[] = { /* Handshake message type CLIENT HELLO */ 0x01, /* Body len */ (body_len >> 16) & 0xff, (body_len >> 8) & 0xff, (body_len & 0xff), }; int message_len = sizeof(message_header) + body_len; uint8_t record_header[] = { /* Record type HANDSHAKE */ 0x16, /* Protocol version TLS 1.2 */ 0x03, 0x03, /* Message len */ (message_len >> 8) & 0xff, (message_len & 0xff), }; /* Create nonblocking pipes */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); for (int i = 0; i < 2; i++) { EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1); } EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1])); EXPECT_NOT_NULL(server_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key)); EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config)); /* Send the client hello */ EXPECT_EQUAL(write(client_to_server[1], record_header, sizeof(record_header)), sizeof(record_header)); EXPECT_EQUAL(write(client_to_server[1], message_header, sizeof(message_header)), sizeof(message_header)); EXPECT_EQUAL(write(client_to_server[1], client_hello_message, sizeof(client_hello_message)), sizeof(client_hello_message)); EXPECT_EQUAL(write(client_to_server[1], client_extensions, sizeof(client_extensions)), sizeof(client_extensions)); /* Verify that the CLIENT HELLO is accepted */ s2n_negotiate(server_conn, &server_blocked); EXPECT_EQUAL(server_blocked, 1); EXPECT_EQUAL(server_conn->handshake.state, CLIENT_KEY); /* Verify that the server name was received intact. */ EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn)); EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name)); EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name)); EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked)); EXPECT_SUCCESS(s2n_connection_free(server_conn)); EXPECT_SUCCESS(s2n_config_free(server_config)); for (int i = 0; i < 2; i++) { EXPECT_SUCCESS(close(server_to_client[i])); EXPECT_SUCCESS(close(client_to_server[i])); } } /* Client doesn't use the OCSP extension. */ { struct s2n_connection *client_conn; struct s2n_connection *server_conn; struct s2n_config *server_config; s2n_blocked_status client_blocked; s2n_blocked_status server_blocked; int server_to_client[2]; int client_to_server[2]; uint32_t length; /* Create nonblocking pipes */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); for (int i = 0; i < 2; i++) { EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1); } EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT)); EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1])); EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1])); EXPECT_NOT_NULL(server_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status))); EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config)); do { int ret; ret = s2n_negotiate(client_conn, &client_blocked); EXPECT_TRUE(ret == 0 || client_blocked); ret = s2n_negotiate(server_conn, &server_blocked); EXPECT_TRUE(ret == 0 || server_blocked); } while (client_blocked || server_blocked); /* Verify that the client didn't receive an OCSP response. */ EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length)); EXPECT_EQUAL(length, 0); EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked)); EXPECT_SUCCESS(s2n_connection_free(client_conn)); EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked)); EXPECT_SUCCESS(s2n_connection_free(server_conn)); EXPECT_SUCCESS(s2n_config_free(server_config)); for (int i = 0; i < 2; i++) { EXPECT_SUCCESS(close(server_to_client[i])); EXPECT_SUCCESS(close(client_to_server[i])); } } /* Server doesn't support the OCSP extension. */ { struct s2n_connection *client_conn; struct s2n_connection *server_conn; struct s2n_config *server_config; struct s2n_config *client_config; s2n_blocked_status client_blocked; s2n_blocked_status server_blocked; int server_to_client[2]; int client_to_server[2]; uint32_t length; /* Create nonblocking pipes */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); for (int i = 0; i < 2; i++) { EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1); } EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT)); EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1])); EXPECT_NOT_NULL(client_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP)); EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config)); EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1])); EXPECT_NOT_NULL(server_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key)); EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config)); do { int ret; ret = s2n_negotiate(client_conn, &client_blocked); EXPECT_TRUE(ret == 0 || client_blocked); ret = s2n_negotiate(server_conn, &server_blocked); EXPECT_TRUE(ret == 0 || server_blocked); } while (client_blocked || server_blocked); /* Verify that the client didn't receive an OCSP response. */ EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length)); EXPECT_EQUAL(length, 0); EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked)); EXPECT_SUCCESS(s2n_connection_free(client_conn)); EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked)); EXPECT_SUCCESS(s2n_connection_free(server_conn)); EXPECT_SUCCESS(s2n_config_free(server_config)); EXPECT_SUCCESS(s2n_config_free(client_config)); for (int i = 0; i < 2; i++) { EXPECT_SUCCESS(close(server_to_client[i])); EXPECT_SUCCESS(close(client_to_server[i])); } } /* Server and client support the OCSP extension. */ { struct s2n_connection *client_conn; struct s2n_connection *server_conn; struct s2n_config *server_config; struct s2n_config *client_config; s2n_blocked_status client_blocked; s2n_blocked_status server_blocked; int server_to_client[2]; int client_to_server[2]; uint32_t length; /* Create nonblocking pipes */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); for (int i = 0; i < 2; i++) { EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1); } EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT)); EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1])); EXPECT_NOT_NULL(client_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP)); EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config)); EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1])); EXPECT_NOT_NULL(server_config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status))); EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config)); do { int ret; ret = s2n_negotiate(client_conn, &client_blocked); EXPECT_TRUE(ret == 0 || client_blocked); ret = s2n_negotiate(server_conn, &server_blocked); EXPECT_TRUE(ret == 0 || server_blocked); } while (client_blocked || server_blocked); /* Verify that the client didn't receive an OCSP response. */ EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length)); EXPECT_EQUAL(length, 0); EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked)); EXPECT_SUCCESS(s2n_connection_free(client_conn)); EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked)); EXPECT_SUCCESS(s2n_connection_free(server_conn)); EXPECT_SUCCESS(s2n_config_free(server_config)); EXPECT_SUCCESS(s2n_config_free(client_config)); for (int i = 0; i < 2; i++) { EXPECT_SUCCESS(close(server_to_client[i])); EXPECT_SUCCESS(close(client_to_server[i])); } } END_TEST(); return 0; }
int s2n_config_free_cert_chain_and_key(struct s2n_config *config) { struct s2n_blob b = { .data = (uint8_t *) config->cert_and_key_pairs, .size = sizeof(struct s2n_cert_chain_and_key) }; /* If there were cert and key pairs set, walk the chain and free the certs */ if (config->cert_and_key_pairs) { struct s2n_cert_chain *node = config->cert_and_key_pairs->head; while (node) { struct s2n_blob n = { .data = (uint8_t *)node, .size = sizeof(struct s2n_cert_chain) }; /* Free the cert */ GUARD(s2n_free(&node->cert)); /* Advance to next */ node = node->next; /* Free the node */ GUARD(s2n_free(&n)); } GUARD(s2n_rsa_private_key_free(&config->cert_and_key_pairs->private_key)); GUARD(s2n_free(&config->cert_and_key_pairs->ocsp_status)); } GUARD(s2n_free(&b)); return 0; } int s2n_config_free_dhparams(struct s2n_config *config) { struct s2n_blob b = { .data = (uint8_t *) config->dhparams, .size = sizeof(struct s2n_dh_params) }; if (config->dhparams) { GUARD(s2n_dh_params_free(config->dhparams)); } GUARD(s2n_free(&b)); return 0; } int s2n_config_free(struct s2n_config *config) { struct s2n_blob b = {.data = (uint8_t *) config,.size = sizeof(struct s2n_config) }; GUARD(s2n_config_free_cert_chain_and_key(config)); GUARD(s2n_config_free_dhparams(config)); GUARD(s2n_free(&config->application_protocols)); GUARD(s2n_free(&b)); return 0; } int s2n_config_set_cipher_preferences(struct s2n_config *config, const char *version) { for (int i = 0; selection[i].version != NULL; i++) { if (!strcasecmp(version, selection[i].version)) { config->cipher_preferences = selection[i].preferences; return 0; } } s2n_errno = S2N_ERR_INVALID_CIPHER_PREFERENCES; return -1; } int s2n_config_set_protocol_preferences(struct s2n_config *config, const char * const *protocols, int protocol_count) { struct s2n_stuffer protocol_stuffer; GUARD(s2n_free(&config->application_protocols)); if (protocols == NULL || protocol_count == 0) { /* NULL value indicates no prference, so nothing to do */ return 0; } GUARD(s2n_stuffer_growable_alloc(&protocol_stuffer, 256)); for (int i = 0; i < protocol_count; i++) { size_t length = strlen(protocols[i]); uint8_t protocol[255]; if (length > 255 || (s2n_stuffer_data_available(&protocol_stuffer) + length + 1) > 65535) { return S2N_ERR_APPLICATION_PROTOCOL_TOO_LONG; } memcpy_check(protocol, protocols[i], length); GUARD(s2n_stuffer_write_uint8(&protocol_stuffer, length)); GUARD(s2n_stuffer_write_bytes(&protocol_stuffer, protocol, length)); } uint32_t size = s2n_stuffer_data_available(&protocol_stuffer); /* config->application_protocols blob now owns this data */ config->application_protocols.size = size; config->application_protocols.data = s2n_stuffer_raw_read(&protocol_stuffer, size); notnull_check(config->application_protocols.data); return 0; } int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_request_type type) { config->status_request_type = type; return 0; } int s2n_config_add_cert_chain_and_key_with_status(struct s2n_config *config, char *cert_chain_pem, char *private_key_pem, const uint8_t *status, uint32_t length) { struct s2n_stuffer chain_in_stuffer, cert_out_stuffer, key_in_stuffer, key_out_stuffer; struct s2n_blob key_blob; struct s2n_blob mem; /* Allocate the memory for the chain and key struct */ GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert_chain_and_key))); config->cert_and_key_pairs = (struct s2n_cert_chain_and_key *)(void *)mem.data; config->cert_and_key_pairs->ocsp_status.data = NULL; config->cert_and_key_pairs->ocsp_status.size = 0; /* Put the private key pem in a stuffer */ GUARD(s2n_stuffer_alloc_ro_from_string(&key_in_stuffer, private_key_pem)); GUARD(s2n_stuffer_growable_alloc(&key_out_stuffer, strlen(private_key_pem))); /* Convert pem to asn1 and asn1 to the private key */ GUARD(s2n_stuffer_rsa_private_key_from_pem(&key_in_stuffer, &key_out_stuffer)); GUARD(s2n_stuffer_free(&key_in_stuffer)); key_blob.size = s2n_stuffer_data_available(&key_out_stuffer); key_blob.data = s2n_stuffer_raw_read(&key_out_stuffer, key_blob.size); notnull_check(key_blob.data); GUARD(s2n_asn1der_to_rsa_private_key(&config->cert_and_key_pairs->private_key, &key_blob)); GUARD(s2n_stuffer_free(&key_out_stuffer)); /* Turn the chain into a stuffer */ GUARD(s2n_stuffer_alloc_ro_from_string(&chain_in_stuffer, cert_chain_pem)); GUARD(s2n_stuffer_growable_alloc(&cert_out_stuffer, 2048)); struct s2n_cert_chain **insert = &config->cert_and_key_pairs->head; uint32_t chain_size = 0; do { struct s2n_cert_chain *new_node; if (s2n_stuffer_certificate_from_pem(&chain_in_stuffer, &cert_out_stuffer) < 0) { if (chain_size == 0) { S2N_ERROR(S2N_ERR_NO_CERTIFICATE_IN_PEM); } break; } GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert_chain))); new_node = (struct s2n_cert_chain *)(void *)mem.data; GUARD(s2n_alloc(&new_node->cert, s2n_stuffer_data_available(&cert_out_stuffer))); GUARD(s2n_stuffer_read(&cert_out_stuffer, &new_node->cert)); /* Additional 3 bytes for the length field in the protocol */ chain_size += new_node->cert.size + 3; new_node->next = NULL; *insert = new_node; insert = &new_node->next; } while (s2n_stuffer_data_available(&chain_in_stuffer)); GUARD(s2n_stuffer_free(&chain_in_stuffer)); GUARD(s2n_stuffer_free(&cert_out_stuffer)); config->cert_and_key_pairs->chain_size = chain_size; if (status && length > 0) { GUARD(s2n_alloc(&config->cert_and_key_pairs->ocsp_status, length)); memcpy_check(config->cert_and_key_pairs->ocsp_status.data, status, length); } return 0; } int s2n_config_add_cert_chain_and_key(struct s2n_config *config, char *cert_chain_pem, char *private_key_pem) { GUARD(s2n_config_add_cert_chain_and_key_with_status(config, cert_chain_pem, private_key_pem, NULL, 0)); return 0; } int s2n_config_add_dhparams(struct s2n_config *config, char *dhparams_pem) { struct s2n_stuffer dhparams_in_stuffer, dhparams_out_stuffer; struct s2n_blob dhparams_blob; struct s2n_blob mem; /* Allocate the memory for the chain and key struct */ GUARD(s2n_alloc(&mem, sizeof(struct s2n_dh_params))); config->dhparams = (struct s2n_dh_params *)(void *)mem.data; GUARD(s2n_stuffer_alloc_ro_from_string(&dhparams_in_stuffer, dhparams_pem)); GUARD(s2n_stuffer_growable_alloc(&dhparams_out_stuffer, strlen(dhparams_pem))); /* Convert pem to asn1 and asn1 to the private key */ GUARD(s2n_stuffer_dhparams_from_pem(&dhparams_in_stuffer, &dhparams_out_stuffer)); GUARD(s2n_stuffer_free(&dhparams_in_stuffer)); dhparams_blob.size = s2n_stuffer_data_available(&dhparams_out_stuffer); dhparams_blob.data = s2n_stuffer_raw_read(&dhparams_out_stuffer, dhparams_blob.size); notnull_check(dhparams_blob.data); GUARD(s2n_pkcs3_to_dh_params(config->dhparams, &dhparams_blob)); GUARD(s2n_free(&dhparams_blob)); return 0; } int s2n_config_set_nanoseconds_since_epoch_callback(struct s2n_config *config, int (*nanoseconds_since_epoch)(void *, uint64_t *), void * data) { notnull_check(nanoseconds_since_epoch); config->nanoseconds_since_epoch = nanoseconds_since_epoch; config->data_for_nanoseconds_since_epoch = data; return 0; }