Blame tests/multi-alerts.c

/*
 * Copyright (C) 2016 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * GnuTLS is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuTLS is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GnuTLS; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
/* In this test we check whether the server will bail out after receiving
 * a bunch of warning alerts. That is to avoid DoS due to the asymmetry
 * between the cost of sending an alert and the cost of receiving one.
 */
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
/* Stub entry point for Windows builds: nothing is tested, the program only
 * reports status 77, which the Automake test harness treats as "skipped".
 */
int main(int argc, char **argv)
{
	(void)argc;
	(void)argv;

	return 77;
}
#else
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#if !defined(_WIN32)
#include <sys/wait.h>
#endif
#include <unistd.h>
#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
#include "cert-common.h"
/* Return value of fork() in doit(): non-zero in the parent, which runs the
 * server, and 0 in the forked child, which runs the client. tls_log_func()
 * reads it to label log lines. */
pid_t child;
/* Log callback registered with gnutls_global_set_log_function(): writes each
 * library message to stderr, prefixed with the role of the calling process
 * and the log level. The role comes from the global "child", which is
 * non-zero only in the process that runs the server.
 */
static void tls_log_func(int level, const char *str)
{
	const char *role = "client";

	if (child)
		role = "server";

	fprintf(stderr, "%s |<%d>| %s", role, level, str);
}
/* Pre-recorded client hello that client() writes to the socket verbatim.
 * The first five bytes are a TLS record header: content type 0x16
 * (handshake), record version 3.1, length 0x0138. The handshake message
 * that follows has type 0x01 (ClientHello) and offers version 3.3 (TLS 1.2).
 * Because the initializer is a string literal the array also holds a
 * trailing NUL that is not part of the record; client() sends
 * sizeof(tls_hello)-1 bytes for that reason.
 */
static unsigned char tls_hello[] =
	"\x16\x03\x01\x01\x38\x01\x00\x01"
	"\x34\x03\x03\xfc\x77\xa8\xc7\x46"
	"\xf7\xfd\x04\x5b\x3c\xc6\xfa\xa4"
	"\xea\x3e\xfa\x76\x99\xfe\x1a\x2e"
	"\xe0\x79\x17\xb2\x27\x06\xc4\x5c"
	"\xd8\x78\x31\x00\x00\xb6\xc0\x30"
	"\xc0\x2c\xc0\x28\xc0\x24\xc0\x14"
	"\xc0\x0a\x00\xa5\x00\xa3\x00\xa1"
	"\x00\x9f\x00\x6b\x00\x6a\x00\x69"
	"\x00\x68\x00\x39\x00\x38\x00\x37"
	"\x00\x36\x00\x88\x00\x87\x00\x86"
	"\x00\x85\xc0\x32\xc0\x2e\xc0\x2a"
	"\xc0\x26\xc0\x0f\xc0\x05\x00\x9d"
	"\x00\x3d\x00\x35\x00\x84\xc0\x2f"
	"\xc0\x2b\xc0\x27\xc0\x23\xc0\x13"
	"\xc0\x09\x00\xa4\x00\xa2\x00\xa0"
	"\x00\x9e\x00\x67\x00\x40\x00\x3f"
	"\x00\x3e\x00\x33\x00\x32\x00\x31"
	"\x00\x30\x00\x9a\x00\x99\x00\x98"
	"\x00\x97\x00\x45\x00\x44\x00\x43"
	"\x00\x42\xc0\x31\xc0\x2d\xc0\x29"
	"\xc0\x25\xc0\x0e\xc0\x04\x00\x9c"
	"\x00\x3c\x00\x2f\x00\x96\x00\x41"
	"\x00\x07\xc0\x11\xc0\x07\xc0\x0c"
	"\xc0\x02\x00\x05\x00\x04\xc0\x12"
	"\xc0\x08\x00\x16\x00\x13\x00\x10"
	"\x00\x0d\xc0\x0d\xc0\x03\x00\x0a"
	"\x00\x15\x00\x12\x00\x0f\x00\x0c"
	"\x00\x09\x00\xff\x01\x00\x00\x55"
	"\x00\x0b\x00\x04\x03\x00\x01\x02"
	"\x00\x0a\x00\x1c\x00\x1a\x00\x17"
	"\x00\x19\x00\x1c\x00\x1b\x00\x18"
	"\x00\x1a\x00\x16\x00\x0e\x00\x0d"
	"\x00\x0b\x00\x0c\x00\x09\x00\x0a"
	"\x00\x23\x00\x00\x00\x0d\x00\x20"
	"\x00\x1e\x06\x01\x06\x02\x06\x03"
	"\x05\x01\x05\x02\x05\x03\x04\x01"
	"\x04\x02\x04\x03\x03\x01\x03\x02"
	"\x03\x03\x02\x01\x02\x02\x02\x03"
	"\x00\x0f\x00\x01\x01";

/* One unencrypted alert record, sent repeatedly by client(): content type
 * 0x15 (alert), record version 3.3, length 2, then the two-byte alert body
 * with level 0x00 and description 0x0A.
 * NOTE(review): TLS defines alert level 1 as warning and 2 as fatal; 0 is
 * neither, so the test appears to rely on the server handling every
 * non-fatal level as a warning -- confirm against the library.
 */
static unsigned char tls_alert[] = 
	"\x15\x03\x03\x00\x02\x00\x0A";
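/* Client half of the test. It does not use the TLS library at all: it writes
 * canned records straight to the socket, playing a peer that floods the
 * server with alerts in the middle of the handshake.
 *
 * sd: connected stream socket; it is closed before returning.
 *
 * Any send()/recv() error is reported through fail().
 */
static void client(int sd)
{
	char buf[1024];
	int ret;
	unsigned i;

	/* send a TLS hello, and then a list of warning alerts */

	/* sizeof()-1 leaves out the NUL that terminates the string literal */
	ret = send(sd, tls_hello, sizeof(tls_hello)-1, 0);
	if (ret < 0)
		fail("error sending hello\n");

	/* Wait until the server has answered; the reply itself is discarded. */
	ret = recv(sd, buf, sizeof(buf), 0);
	if (ret < 0)
		fail("error receiving hello\n");

	/* 128 alerts is twice the 64 handshake iterations server() tolerates,
	 * so a server that never gives up is detected on the other side. */
	for (i=0;i<128;i++) {
		ret = send(sd, tls_alert, sizeof(tls_alert)-1, 0);
		if (ret < 0)
			fail("error sending alert\n");
	}

	close(sd);
}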
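/* Server half of the test: runs a GnuTLS server handshake on sd and requires
 * it to FAIL. The peer sends a client hello followed by a stream of alerts;
 * a server that keeps processing them without ever giving up would be open
 * to cheap resource exhaustion, so a completed handshake, or more than 64
 * handshake iterations, is reported through fail().
 *
 * sd: connected stream socket; it is closed before returning.
 */
static void server(int sd)
{
	gnutls_certificate_credentials_t x509_cred;
	gnutls_session_t session;
	int ret;
	unsigned loops;

	/* this must be called once in the program
	 */
	global_init();

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(6);

	/* Setup errors are reported explicitly, so that a broken fixture is
	 * not mistaken for the handshake failure this test expects. */
	ret = gnutls_certificate_allocate_credentials(&x509_cred);
	if (ret < 0)
		fail("server: could not allocate credentials\n");

	ret = gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert,
						    GNUTLS_X509_FMT_PEM);
	if (ret < 0)
		fail("server: could not load the trusted CA\n");

	ret = gnutls_certificate_set_x509_key_mem(x509_cred,
						  &server_ca3_localhost_cert,
						  &server_ca3_key,
						  GNUTLS_X509_FMT_PEM);
	if (ret < 0)
		fail("server: could not load the certificate and key\n");

	/* The message text is kept as it was; no DH parameters are generated
	 * in this function. */
	if (debug)
		success("Launched, generating DH parameters...\n");

	ret = gnutls_init(&session, GNUTLS_SERVER);
	if (ret < 0)
		fail("server: could not initialize the session\n");

	/* Restrict the server to TLS 1.2, the version the canned client
	 * records use. The call is made outside assert() so that it still
	 * happens when the file is built with NDEBUG.
	 */
	ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
	if (ret < 0)
		fail("server: could not set the priority string\n");

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

	gnutls_transport_set_int(session, sd);

	/* Retry on the non-fatal results, a received warning alert included.
	 * The iteration cap is what turns "the server never bails out" into
	 * a test failure instead of an endless loop. */
	loops = 0;
	do {
		ret = gnutls_handshake(session);
		loops++;
		if (loops > 64)
			fail("Too many loops in the handshake!\n");
	} while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED);

	/* NOTE(review): any negative result passes here, so the test does not
	 * pin down that the handshake failed because of the alert flood rather
	 * than for an unrelated reason. */
	if (ret >= 0) {
		fail("server: Handshake succeeded unexpectedly\n");
	}

	close(sd);
	gnutls_deinit(session);

	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();

	if (debug)
		success("server: finished\n");
}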
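/* Test driver: creates a connected AF_UNIX stream socket pair, forks, runs
 * server() in the parent and client() in the child, then collects the
 * child's exit status and passes it to check_wait_status().
 *
 * Failures of socketpair(), fork() and wait() are reported with perror()
 * and fail().
 */
void doit(void)
{
	int sockets[2];
	int err;

	err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
	if (err == -1) {
		perror("socketpair");
		fail("socketpair failed\n");
		return;
	}

	/* "child" is a global so that tls_log_func() can tell the two
	 * processes apart. */
	child = fork();
	if (child < 0) {
		perror("fork");
		fail("fork");
		return;
	}

	if (child) {
		int status = 0;

		server(sockets[0]);

		/* Do not evaluate a status that wait() never filled in. */
		if (wait(&status) < 0) {
			perror("wait");
			fail("wait failed\n");
			return;
		}
		check_wait_status(status);
	} else {
		client(sockets[1]);
		exit(0);
	}
}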
#endif				/* _WIN32 */