void mock_client(int writefd, int readfd)
{
char buffer[0xffff];
struct s2n_connection *conn;
int more;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
s2n_negotiate(conn, &more);
for (int i = 1; i < 0xffff; i += 100) {
for (int j = 0; j < i; j++) {
buffer[j] = 33;
}
s2n_send(conn, buffer, i, &more);
}
s2n_shutdown(conn, &more);
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(0);
}
int mock_client(int writefd, int readfd, uint8_t *expected_data, uint32_t size)
{
uint8_t *buffer = malloc(size);
uint8_t *ptr = buffer;
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int result = 0;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
config = s2n_config_new();
s2n_connection_set_config(conn, config);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
result = s2n_negotiate(conn, &blocked);
if (result < 0) {
_exit(1);
}
/* Receive 10MB of data */
uint32_t remaining = size;
while(remaining) {
int r = s2n_recv(conn, ptr, remaining, &blocked);
if (r < 0) {
continue;
}
remaining -= r;
ptr += r;
}
int shutdown_rc= -1;
do {
shutdown_rc = s2n_shutdown(conn, &blocked);
} while(shutdown_rc != 0);
for (int i = 0; i < size; i++) {
if (buffer[i] != expected_data[i]) {
_exit(1);
}
}
free(buffer);
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(0);
}
int mock_client(int writefd, int readfd, const char **protocols, int count, const char *expected)
{
char buffer[0xffff];
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int result = 0;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
config = s2n_config_new();
s2n_config_set_protocol_preferences(config, protocols, count);
s2n_connection_set_config(conn, config);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
result = s2n_negotiate(conn, &blocked);
if (result < 0) {
result = 1;
}
const char *got = s2n_get_application_protocol(conn);
if ((got != NULL && expected == NULL) ||
(got == NULL && expected != NULL) ||
(got != NULL && expected != NULL && strcmp(expected, got) != 0)) {
result = 2;
}
for (int i = 1; i < 0xffff; i += 100) {
for (int j = 0; j < i; j++) {
buffer[j] = 33;
}
s2n_send(conn, buffer, i, &blocked);
}
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(result);
}
void mock_client(int writefd, int readfd)
{
char buffer[0xffff];
struct s2n_connection *conn;
struct s2n_config *cconfig;
s2n_blocked_status blocked;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
conn->server_protocol_version = S2N_TLS12;
conn->client_protocol_version = S2N_TLS12;
conn->actual_protocol_version = S2N_TLS12;
cconfig = s2n_config_new();
s2n_config_disable_session_tickets(cconfig);
s2n_connection_set_config(conn, cconfig);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
s2n_negotiate(conn, &blocked);
for (int i = 1; i < 0xffff; i += 100) {
for (int j = 0; j < i; j++) {
buffer[j] = 33;
}
s2n_send(conn, buffer, i, &blocked);
}
int shutdown_rc = -1;
while(shutdown_rc != 0) {
shutdown_rc = s2n_shutdown(conn, &blocked);
}
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(0);
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
for (int cert = 0; cert < SUPPORTED_CERTIFICATE_FORMATS; cert++) {
for (int is_dh_key_exchange = 0; is_dh_key_exchange <= 1; is_dh_key_exchange++) {
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Write the fragmented hello message */
mock_client(client_to_server[1], server_to_client[0]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
conn->server_protocol_version = S2N_TLS12;
conn->client_protocol_version = S2N_TLS12;
conn->actual_protocol_version = S2N_TLS12;
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificates[cert], private_keys[cert]));
if (is_dh_key_exchange) {
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
}
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
char buffer[0xffff];
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int size = i;
do {
int bytes_read = 0;
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
int shutdown_rc = -1;
do {
shutdown_rc = s2n_shutdown(conn, &blocked);
EXPECT_TRUE(shutdown_rc == 0 || (errno == EAGAIN && blocked));
} while(shutdown_rc != 0);
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_config_free(config));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
}
}
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
struct s2n_config *server_config;
struct s2n_cipher_preferences *default_cipher_preferences;
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0));
EXPECT_SUCCESS(s2n_init());
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams));
EXPECT_NOT_NULL(default_cipher_preferences = server_config->cipher_preferences);
/* Verify that a handshake succeeds for every cipher in the default list. */
for (int cipher_idx = 0; cipher_idx < default_cipher_preferences->count; cipher_idx++) {
struct s2n_cipher_preferences server_cipher_preferences;
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
int client_more;
int server_more;
int server_to_client[2];
int client_to_server[2];
/* Craft a cipher preference with a cipher_idx cipher
NOTE: Its safe to use memcpy as the address of server_cipher_preferences
will never be NULL */
memcpy(&server_cipher_preferences, default_cipher_preferences, sizeof(server_cipher_preferences));
server_cipher_preferences.count = 1;
server_cipher_preferences.wire_format = default_cipher_preferences->wire_format + cipher_idx * S2N_TLS_CIPHER_SUITE_LEN;
server_config->cipher_preferences = &server_cipher_preferences;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_more);
EXPECT_TRUE(ret == 0 || (client_more && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_more);
EXPECT_TRUE(ret == 0 || (server_more && errno == EAGAIN));
} while (client_more || server_more);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_more));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_more));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
EXPECT_SUCCESS(s2n_config_free(server_config));
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0));
EXPECT_SUCCESS(s2n_init());
/* Client doens't use the server name extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
} while (client_blocked || server_blocked);
/* Verify that the server didn't receive the server name. */
EXPECT_NULL(s2n_get_server_name(server_conn));
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client uses the server name extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
const char *sent_server_name = "awesome.amazonaws.com";
const char *received_server_name;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
/* Set the server name */
EXPECT_SUCCESS(s2n_set_server_name(client_conn, sent_server_name));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
} while (client_blocked || server_blocked);
/* Verify that the server name was received intact. */
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name));
EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name));
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client sends multiple server names. */
{
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
const char *sent_server_name = "svr";
const char *received_server_name;
uint8_t client_extensions[] = {
/* Extension type TLS_EXTENSION_SERVER_NAME */
0x00, 0x00,
/* Extension size */
0x00, 0x0C,
/* All server names len */
0x00, 0x0A,
/* First server name type - host name */
0x00,
/* First server name len */
0x00, 0x03,
/* First server name, matches sent_server_name */
's', 'v', 'r',
/* Second server name type - host name */
0x00,
/* Second server name len */
0x00, 0x01,
/* Second server name */
0xFF,
};
int client_extensions_len = sizeof(client_extensions);
uint8_t client_hello_message[] = {
/* Protocol version TLS 1.2 */
0x03, 0x03,
/* Client random */
ZERO_TO_THIRTY_ONE,
/* SessionID len - 32 bytes */
0x20,
/* Session ID */
ZERO_TO_THIRTY_ONE,
/* Cipher suites len */
0x00, 0x02,
/* Cipher suite - TLS_RSA_WITH_AES_128_CBC_SHA256 */
0x00, 0x3C,
/* Compression methods len */
0x01,
/* Compression method - none */
0x00,
/* Extensions len */
(client_extensions_len >> 8) & 0xff, (client_extensions_len & 0xff),
};
int body_len = sizeof(client_hello_message) + client_extensions_len;
uint8_t message_header[] = {
/* Handshake message type CLIENT HELLO */
0x01,
/* Body len */
(body_len >> 16) & 0xff, (body_len >> 8) & 0xff, (body_len & 0xff),
};
int message_len = sizeof(message_header) + body_len;
uint8_t record_header[] = {
/* Record type HANDSHAKE */
0x16,
/* Protocol version TLS 1.2 */
0x03, 0x03,
/* Message len */
(message_len >> 8) & 0xff, (message_len & 0xff),
};
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
/* Send the client hello */
EXPECT_EQUAL(write(client_to_server[1], record_header, sizeof(record_header)), sizeof(record_header));
EXPECT_EQUAL(write(client_to_server[1], message_header, sizeof(message_header)), sizeof(message_header));
EXPECT_EQUAL(write(client_to_server[1], client_hello_message, sizeof(client_hello_message)), sizeof(client_hello_message));
EXPECT_EQUAL(write(client_to_server[1], client_extensions, sizeof(client_extensions)), sizeof(client_extensions));
/* Verify that the CLIENT HELLO is accepted */
s2n_negotiate(server_conn, &server_blocked);
EXPECT_EQUAL(server_blocked, 1);
EXPECT_EQUAL(server_conn->handshake.state, CLIENT_KEY);
/* Verify that the server name was received intact. */
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name));
EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client doesn't use the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status)));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Server doesn't support the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
struct s2n_config *client_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_SUCCESS(s2n_config_free(client_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Server and client support the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
struct s2n_config *client_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status)));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_SUCCESS(s2n_config_free(client_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
struct s2n_config *config;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
/* Create a pipe */
EXPECT_SUCCESS(s2n_init());
for (int is_dh_key_exchange = 0; is_dh_key_exchange <= 1; is_dh_key_exchange++) {
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Write the fragmented hello message */
mock_client(client_to_server[1], server_to_client[0]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
if (is_dh_key_exchange) {
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
}
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &status));
char buffer[0xffff];
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &status));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
/* Verify that read() returns EOF */
EXPECT_SUCCESS(s2n_recv(conn, buffer, 1, &status));
EXPECT_SUCCESS(s2n_shutdown(conn, &status));
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_config_free(config));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
}
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
if(argc != 2)
{
fprintf(stderr,"usage: %s hostname\n", argv[0]);
return 1;
}
signal(SIGINT, sigint_handler);
printf("Looking up addresses for %s ...\n", argv[1]);
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; // AF_INET or AF_INET6 to force version
hints.ai_socktype = SOCK_STREAM;
struct addrinfo *dnsres;
int status_1 = getaddrinfo(argv[1], PORT, &hints, &dnsres);
if(status_1 != 0)
{
fprintf(stderr, "dns lookup failed: %s\n", gai_strerror(status_1));
return 2;
}
print_addrinfo(dnsres);
printf("Connecting to %s ...\n", "the server");
int sockfd = socket(dnsres->ai_family, dnsres->ai_socktype, dnsres->ai_protocol);
if(connect(sockfd, dnsres->ai_addr, dnsres->ai_addrlen) != 0)
{
perror("connect");
return 3;
}
printf("Connected.\n");
freeaddrinfo(dnsres); // frees the memory that was dynamically allocated for the linked lists by getaddrinfo
s2n_init();
struct s2n_config *config = s2n_config_new();
s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
s2n_config_set_status_request_type(config, type);
struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT);
s2n_connection_set_config(conn, config);
s2n_connection_set_fd(conn, sockfd);
s2n_blocked_status blocked;
do {
if (s2n_negotiate(conn, &blocked) < 0) {
fprintf(stderr, "Failed to negotiate: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn));
exit(1);
}
} while (blocked);
int client_hello_version;
int client_protocol_version;
int server_protocol_version;
int actual_protocol_version;
if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) {
fprintf(stderr, "Could not get client hello version\n");
exit(1);
}
if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get client protocol version\n");
exit(1);
}
if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get server protocol version\n");
exit(1);
}
if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get actual protocol version\n");
exit(1);
}
printf("Client hello version: %d\n", client_hello_version);
printf("Client protocol version: %d\n", client_protocol_version);
printf("Server protocol version: %d\n", server_protocol_version);
printf("Actual protocol version: %d\n", actual_protocol_version);
if (s2n_get_server_name(conn)) {
printf("Server name: %s\n", s2n_get_server_name(conn));
}
if (s2n_get_application_protocol(conn)) {
printf("Application protocol: %s\n", s2n_get_application_protocol(conn));
}
uint32_t length;
const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length);
if (status && length > 0) {
fprintf(stderr, "OCSP response received, length %d\n", length);
}
printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn));
char buf[BUFFERSIZE + 1];
int bytes_read, bytes_written;
// Make sure stdin is a terminal.
if (!isatty(STDIN_FILENO))
{
fprintf(stderr, "Not a terminal.\n");
exit(EXIT_FAILURE);
}
// Save the terminal attributes so we can restore them later.
tcgetattr(STDIN_FILENO, &saved_attributes);
atexit(reset_input_mode);
// Set the funny terminal modes.
struct termios tattr;
tcgetattr(STDIN_FILENO, &tattr);
tattr.c_lflag &= ~(ICANON | ECHO); // Clear ICANON and ECHO.
tattr.c_cc[VMIN] = 1;
tattr.c_cc[VTIME] = 0;
tcsetattr(STDIN_FILENO, TCSAFLUSH, &tattr);
fd_set master, readfds;
FD_ZERO(&master);
FD_SET(STDIN_FILENO, &master);
FD_SET(sockfd, &master);
for(;;)
{
readfds = master;
select(sockfd + 1, &readfds, NULL, NULL, NULL);
if(FD_ISSET(STDIN_FILENO, &readfds))
{
bytes_read = read(STDIN_FILENO, buf, BUFFERSIZE);
if(bytes_read < 1) break;
char *buf_ptr = buf;
int bytes_available = bytes_read;
do
{
bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked);
if(bytes_written < 0) break;
bytes_available -= bytes_written;
buf_ptr += bytes_written;
} while(bytes_available || blocked);
}
if(FD_ISSET(sockfd, &readfds))
{
do
{
bytes_read = s2n_recv(conn, buf, BUFFERSIZE, &blocked);
if(bytes_read < 1) break;
write(STDOUT_FILENO, buf, bytes_read);
} while(blocked);
}
//if(nbytes != mbytes) printf("nbytes [%d] != mbytes [%d] \n", nbytes, mbytes);
}
close(sockfd);
s2n_connection_free(conn);
s2n_config_free(config);
s2n_cleanup();
printf("\nBYE!\n");
return 0;
}
int main(int argc, char **argv)
{
uint8_t data[10000000];
uint8_t *ptr = data;
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
struct s2n_blob blob = {.data = data, .size = sizeof(data)};
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
/* Get some random data to send/receive */
EXPECT_SUCCESS(s2n_get_urandom_data(&blob));
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Run the client */
mock_client(client_to_server[1], server_to_client[0], data, sizeof(data));
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Pause the child process by sending it SIGSTP */
EXPECT_SUCCESS(kill(pid, SIGSTOP));
/* Make our pipes non-blocking */
EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) | O_NONBLOCK), -1);
/* Try to all 10MB of data, should be enough to fill PIPEBUF, so
we'll get blocked at some point */
uint32_t remaining = sizeof(data);
while (remaining) {
int r = s2n_send(conn, ptr, remaining, &blocked);
if (r < 0) {
if (blocked) {
/* We reached a blocked state */
break;
}
continue;
}
remaining -= r;
ptr += r;
}
/* Remaining shouldn't have progressed at all */
EXPECT_EQUAL(remaining, sizeof(data));
/* Wake the child process by sending it SIGCONT */
EXPECT_SUCCESS(kill(pid, SIGCONT));
/* Make our sockets blocking again */
EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) ^ O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) ^ O_NONBLOCK), -1);
/* Actually send the remaining data */
while (remaining) {
int r = s2n_send(conn, ptr, remaining, &blocked);
if (r < 0) {
continue;
}
remaining -= r;
ptr += r;
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
EXPECT_SUCCESS(s2n_config_free(config));
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
char buffer[0xffff];
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
const char *protocols[] = { "http/1.1", "spdy/3.1" };
const char *mismatch_protocols[] = { "spdy/2" };
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_protocol_preferences(config, protocols, 2));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
/** Test no client ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Send the client hello with no ALPN extensions, and validate we didn't
* negotiate an application protocol */
mock_client(client_to_server[1], server_to_client[0], NULL, 0, NULL);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Expect NULL negotiated protocol */
EXPECT_EQUAL(s2n_get_application_protocol(conn), NULL);
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
/* Test a matching ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Clients ALPN preferences match our preferences, so we pick the
* most preffered server one */
mock_client(client_to_server[1], server_to_client[0], protocols, 2, protocols[0]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Expect our most prefered negotiated protocol */
EXPECT_STRING_EQUAL(s2n_get_application_protocol(conn), protocols[0]);
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
/* Test a lower prefered matching ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Client only advertises our second choice, so we should negotiate it */
mock_client(client_to_server[1], server_to_client[0], &protocols[1], 1, protocols[1]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
/* Expect our least prefered negotiated protocol */
EXPECT_STRING_EQUAL(s2n_get_application_protocol(conn), protocols[1]);
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
/* Test a non-matching ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Client doesn't support any of our protocols, so we shouldn't complete
* the handshake */
mock_client(client_to_server[1], server_to_client[0], mismatch_protocols, 1, NULL);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* s2n_negotiate will fail, which ordinarily would delay with a sleep.
* Remove the sleep and fake the delay with a mock time routine */
EXPECT_SUCCESS(s2n_connection_set_blinding(conn, S2N_SELF_SERVICE_BLINDING));
EXPECT_SUCCESS(s2n_config_set_nanoseconds_since_epoch_callback(config, mock_nanoseconds_since_epoch, NULL));
/* Negotiate the handshake. */
EXPECT_FAILURE(s2n_negotiate(conn, &blocked));
/* Expect NULL negotiated protocol */
EXPECT_EQUAL(s2n_get_application_protocol(conn), NULL);
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Close the pipes */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_NOT_EQUAL(status, 0);
EXPECT_SUCCESS(s2n_config_free(config));
END_TEST();
return 0;
}
int negotiate(struct s2n_connection *conn)
{
s2n_blocked_status blocked;
do {
if (s2n_negotiate(conn, &blocked) < 0) {
fprintf(stderr, "Failed to negotiate: '%s'. %s\n", s2n_strerror(s2n_errno, "EN"), s2n_strerror_debug(s2n_errno, "EN"));
fprintf(stderr, "Alert: %d\n", s2n_connection_get_alert(conn));
return -1;
}
} while (blocked);
/* Now that we've negotiated, print some parameters */
int client_hello_version;
int client_protocol_version;
int server_protocol_version;
int actual_protocol_version;
if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) {
fprintf(stderr, "Could not get client hello version\n");
return -1;
}
if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get client protocol version\n");
return -1;
}
if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get server protocol version\n");
return -1;
}
if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get actual protocol version\n");
return -1;
}
printf("CONNECTED:\n");
printf("Client hello version: %d\n", client_hello_version);
printf("Client protocol version: %d\n", client_protocol_version);
printf("Server protocol version: %d\n", server_protocol_version);
printf("Actual protocol version: %d\n", actual_protocol_version);
if (s2n_get_server_name(conn)) {
printf("Server name: %s\n", s2n_get_server_name(conn));
}
if (s2n_get_application_protocol(conn)) {
printf("Application protocol: %s\n", s2n_get_application_protocol(conn));
}
printf("Curve: %s\n", s2n_connection_get_curve(conn));
uint32_t length;
const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length);
if (status && length > 0) {
fprintf(stderr, "OCSP response received, length %u\n", length);
}
printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn));
if (s2n_connection_is_session_resumed(conn)) {
printf("Resumed session\n");
}
return 0;
}