authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-03-13 15:46:16 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-03-19 17:19:18 +0100
commit80f182e8c205d3b25fedbc629d71abcd2483739e (patch)
tree4958e8376546928ee63f8181fcf8a0342b399927 /tests
parent671826acc0893f05712266a49dac4851c6523bb7 (diff)
tests: updated for TLS1.3 inclusion
This moves the tests to use a specific version, or to test multiple TLS versions where applicable. Resolves #413 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/Makefile.am4
-rw-r--r--tests/anonself.c5
-rw-r--r--tests/custom-urls-override.c5
-rw-r--r--tests/custom-urls.c5
-rw-r--r--tests/dhepskself.c9
-rw-r--r--tests/dhex509self.c9
-rw-r--r--tests/dtls-client-with-seccomp.c29
-rw-r--r--tests/dtls-max-record.c17
-rw-r--r--tests/dtls-rehandshake-cert-2.c23
-rw-r--r--tests/dtls-rehandshake-cert-3.c24
-rw-r--r--tests/dtls-rehandshake-cert.c24
-rw-r--r--tests/dtls-with-seccomp.c33
-rw-r--r--tests/duplicate-extensions.c3
-rw-r--r--tests/eagain-common.h2
-rw-r--r--tests/fallback-scsv.c49
-rw-r--r--tests/gnutls_ext_raw_parse.c4
-rw-r--r--tests/handshake-false-start.c25
-rw-r--r--tests/handshake-large-packet.c50
-rw-r--r--tests/handshake-versions.c2
-rw-r--r--tests/key-material-dtls.c2
-rw-r--r--tests/key-material-set-dtls.c2
-rw-r--r--tests/key-usage-ecdhe-rsa.c8
-rw-r--r--tests/key-usage-rsa.c8
-rw-r--r--tests/long-session-id.c2
-rw-r--r--tests/mini-alignment.c66
-rw-r--r--tests/mini-dtls-discard.c32
-rw-r--r--tests/mini-global-load.c26
-rw-r--r--tests/mini-handshake-timeout.c20
-rw-r--r--tests/mini-key-material.c2
-rw-r--r--tests/mini-server-name.c42
-rw-r--r--tests/mini-session-verify-function.c77
-rw-r--r--tests/mini-termination.c33
-rw-r--r--tests/mini-tls-nonblock.c27
-rw-r--r--tests/mini-x509-2.c26
-rw-r--r--tests/mini-x509-callbacks-intr.c39
-rw-r--r--tests/mini-x509-callbacks.c49
-rw-r--r--tests/mini-x509-cas.c24
-rw-r--r--tests/mini-x509.c50
-rw-r--r--tests/multi-alerts.c8
-rw-r--r--tests/naked-alerts.c8
-rw-r--r--tests/openpgpself.c616
-rw-r--r--tests/priority-set.c2
-rw-r--r--tests/psk-file.c41
-rw-r--r--tests/pskself.c8
-rw-r--r--tests/record-timeouts.c52
-rw-r--r--tests/recv-data-before-handshake.c29
-rw-r--r--tests/rehandshake-ext-secret.c8
-rw-r--r--tests/rehandshake-switch-cert-allow.c4
-rw-r--r--tests/rehandshake-switch-cert-client-allow.c4
-rw-r--r--tests/rehandshake-switch-cert-client.c4
-rw-r--r--tests/rehandshake-switch-cert.c4
-rw-r--r--tests/rehandshake-switch-psk-id.c12
-rw-r--r--tests/rehandshake-switch-srp-id.c8
-rw-r--r--tests/rsa-psk-cb.c17
-rw-r--r--tests/rsa-psk.c13
-rw-r--r--tests/send-client-cert.c28
-rw-r--r--tests/send-data-before-handshake.c29
-rw-r--r--tests/server-sign-md5-rep.c3
-rw-r--r--tests/session-export-funcs.c24
-rw-r--r--tests/session-tickets-missing.c26
-rw-r--r--tests/session-tickets-ok.c20
-rw-r--r--tests/set_x509_key_file-late.c3
-rw-r--r--tests/setcredcrash.c2
-rw-r--r--tests/srp.c19
-rw-r--r--tests/ssl2-hello.c12
-rw-r--r--tests/status-request.c72
-rw-r--r--tests/tls-client-with-seccomp.c30
-rw-r--r--tests/tls-ext-register.c97
-rw-r--r--tests/tls-session-ext-override.c2
-rw-r--r--tests/tls-session-supplemental.c100
-rw-r--r--tests/tls-supplemental.c7
-rw-r--r--tests/tls-with-seccomp.c32
-rw-r--r--tests/tls12-anon-upgrade.c (renamed from tests/mini-x509-dual.c)13
-rw-r--r--tests/tls12-max-record.c (renamed from tests/tls-max-record.c)4
-rw-r--r--tests/tlsext-decoding.c36
-rw-r--r--tests/version-checks.c4
-rw-r--r--tests/x509-cert-callback-legacy.c25
-rw-r--r--tests/x509-cert-callback-ocsp.c1
-rw-r--r--tests/x509-cert-callback.c1
-rw-r--r--tests/x509dn.c73
-rw-r--r--tests/x509self.c116
81 files changed, 1002 insertions, 1472 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 937447468c..6c1ee54540 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -152,10 +152,10 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \
key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
record-timeouts mini-dtls-hello-verify-48 mini-x509-default-prio \
- mini-x509-dual global-init-override tlsext-decoding rsa-psk-cb \
+ tls12-anon-upgrade global-init-override tlsext-decoding rsa-psk-cb \
rehandshake-switch-cert rehandshake-switch-cert-allow rehandshake-switch-cert-client \
rehandshake-switch-cert-client-allow handshake-versions dtls-handshake-versions \
- dtls-max-record tls-max-record alpn-server-prec ocsp-filename-memleak \
+ dtls-max-record tls12-max-record alpn-server-prec ocsp-filename-memleak \
dh-params rehandshake-ext-secret pcert-list session-export-funcs \
handshake-false-start version-checks key-material-dtls key-material-set-dtls \
system-prio-file name-constraints-merge crl-basic crq-basic \
diff --git a/tests/anonself.c b/tests/anonself.c
index 074ef78d5e..79fd5c6646 100644
--- a/tests/anonself.c
+++ b/tests/anonself.c
@@ -310,8 +310,11 @@ void doit(void)
/* parent */
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/custom-urls-override.c b/tests/custom-urls-override.c
index e6e936ae85..8ce3606cf9 100644
--- a/tests/custom-urls-override.c
+++ b/tests/custom-urls-override.c
@@ -47,6 +47,7 @@ int main()
#include <gnutls/abstract.h>
#include <gnutls/urls.h>
#include <signal.h>
+#include <assert.h>
#include "cert-common.h"
#include "utils.h"
@@ -96,7 +97,7 @@ static void client(int fd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
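Review bot: The call to `gnutls_priority_set_direct()` now sits inside `assert()`, so a build with `NDEBUG` defined drops the call itself and the session would run without the TLS 1.2 pin this commit intends. Keep the side effect outside the macro, e.g. `ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);` followed by `if (ret < 0) fail("priority: %s\n", gnutls_strerror(ret));` (assuming an `int ret` is in scope; client() starts outside the hunk). The same pattern appears in the server hunk of this file and in custom-urls.c, dtls-client-with-seccomp.c, dtls-max-record.c, dtls-with-seccomp.c, fallback-scsv.c and handshake-large-packet.c. The context comment `/* Use default priorities */` is also stale now that the string restricts the version; `/* Pin TLS 1.2 */` would match the code.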
@@ -166,7 +167,7 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
diff --git a/tests/custom-urls.c b/tests/custom-urls.c
index 28768121d6..a7295a174c 100644
--- a/tests/custom-urls.c
+++ b/tests/custom-urls.c
@@ -47,6 +47,7 @@ int main()
#include <gnutls/abstract.h>
#include <gnutls/urls.h>
#include <signal.h>
+#include <assert.h>
#include "cert-common.h"
#include "utils.h"
@@ -93,7 +94,7 @@ static void client(int fd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -170,7 +171,7 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
diff --git a/tests/dhepskself.c b/tests/dhepskself.c
index 8278e9cfb8..9081f953c9 100644
--- a/tests/dhepskself.c
+++ b/tests/dhepskself.c
@@ -85,7 +85,7 @@ static void client(int sd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:+DHE-PSK", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:+DHE-PSK", NULL);
/* put the anonymous credentials to the current session
*/
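Review bot: The return value of `gnutls_priority_set_direct()` is still ignored here, although the string was just hand-edited and other files in this commit do check it. If the string failed to parse, the version pin would not be in effect and the test could pass on a different configuration than the one named in the source (inferred; the rest of client() is outside the hunk). Check it explicitly, e.g. `if (gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:+DHE-PSK", NULL) < 0) fail("cannot set priorities\n");`. The same applies to the server hunk in this file and to the priority hunks in dhex509self.c, duplicate-extensions.c and gnutls_ext_raw_parse.c.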
@@ -158,7 +158,7 @@ static gnutls_session_t initialize_tls_session(void)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL:+DHE-PSK", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:+DHE-PSK", NULL);
gnutls_handshake_set_timeout(session, 20 * 1000);
gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
@@ -298,8 +298,11 @@ void doit(void)
/* parent */
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/dhex509self.c b/tests/dhex509self.c
index bf5d0b25df..8a21ba097a 100644
--- a/tests/dhex509self.c
+++ b/tests/dhex509self.c
@@ -99,7 +99,7 @@ static void client(int sd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+DHE-RSA", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", NULL);
/* put the x509 credentials to the current session
*/
@@ -217,7 +217,7 @@ static gnutls_session_t initialize_tls_session(void)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+DHE-RSA", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", NULL);
gnutls_handshake_set_timeout(session, 20 * 1000);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -385,8 +385,11 @@ void doit(void)
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/dtls-client-with-seccomp.c b/tests/dtls-client-with-seccomp.c
index 45d7f29899..34b2409b46 100644
--- a/tests/dtls-client-with-seccomp.c
+++ b/tests/dtls-client-with-seccomp.c
@@ -46,6 +46,7 @@ int main()
#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
+#include <assert.h>
#include "cert-common.h"
#include "utils.h"
@@ -72,7 +73,7 @@ push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -101,9 +102,9 @@ static void client(int fd)
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session,
+ prio,
+ NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -174,7 +175,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t xcred;
@@ -205,9 +206,9 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session,
+ prio,
+ NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -265,11 +266,13 @@ static void server(int fd)
success("server: finished\n");
}
-void doit(void)
+static
+void run(const char *name, const char *prio)
{
int fd[2];
int ret;
+ success("testing seccomp with %s\n", name);
signal(SIGPIPE, SIG_IGN);
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
@@ -290,15 +293,19 @@ void doit(void)
/* parent */
close(fd[1]);
- server(fd[0]);
+ server(fd[0], prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ run("dtls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-DTLS1.2");
+}
#endif /* _WIN32 */
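Review bot: `doit()` runs the client-side seccomp filter against DTLS 1.2 only, while dtls-with-seccomp.c in this same commit also calls `run()` for `dtls1.0` and for plain `NORMAL`. If the filter is meant to hold for whatever the default priorities negotiate, add `run("default", "NORMAL");` (and a `dtls1.0` line) here too. Otherwise add a comment above `doit()` saying why the client variant is limited to one version.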
diff --git a/tests/dtls-max-record.c b/tests/dtls-max-record.c
index e0cee44608..7934668d8d 100644
--- a/tests/dtls-max-record.c
+++ b/tests/dtls-max-record.c
@@ -30,6 +30,7 @@
#include <errno.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
+#include <assert.h>
#include "utils.h"
#define SERVER_PUSH_ADD if (len > 512 + 5+8+32) fail("max record set to 512, len: %d\n", (int)len);
@@ -47,7 +48,8 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
-void doit(void)
+static
+void run(const char *prio)
{
global_init();
@@ -77,9 +79,9 @@ void doit(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server,
- "NORMAL",
- NULL);
+ assert(gnutls_priority_set_direct(server,
+ prio,
+ NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_pull_timeout_function(server,
@@ -105,7 +107,7 @@ void doit(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL", NULL);
+ ret = gnutls_priority_set_direct(client, prio, NULL);
if (ret < 0)
exit(1);
@@ -144,3 +146,8 @@ void doit(void)
gnutls_global_deinit();
}
+
+void doit(void)
+{
+ run("NORMAL:-VERS-ALL:+VERS-DTLS1.2");
+}
diff --git a/tests/dtls-rehandshake-cert-2.c b/tests/dtls-rehandshake-cert-2.c
index dad82ee6bf..e16372b5ef 100644
--- a/tests/dtls-rehandshake-cert-2.c
+++ b/tests/dtls-rehandshake-cert-2.c
@@ -80,7 +80,7 @@ static ssize_t push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd, int server_init)
+static void client(int fd, int server_init, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -103,8 +103,9 @@ static void client(int fd, int server_init)
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
+ snprintf(buffer, sizeof(buffer), "%s:+ANON-ECDH", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ buffer,
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
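Review bot: The result of `snprintf()` is not checked, and the priority string is built in `buffer`, the `MAX_BUF + 1` array declared at the top of `client()`. If `prio` plus the suffix ever exceeds it, the string is cut short, and a cut that lands on a `:` boundary would still parse while silently dropping the key exchange being appended (`MAX_BUF` is defined outside this page). Check for truncation, e.g. `ret = snprintf(buffer, sizeof(buffer), "%s:+ANON-ECDH", prio);` then `if (ret < 0 || (size_t)ret >= sizeof(buffer)) fail("priority string too long\n");`. The same applies to the other `snprintf()` hunks in this file and in dtls-rehandshake-cert-3.c and dtls-rehandshake-cert.c. A dedicated local for the priority string would also avoid reusing what looks like the I/O buffer.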
@@ -135,8 +136,9 @@ static void client(int fd, int server_init)
(gnutls_protocol_get_version(session)));
/* update priorities to allow cert auth */
+ snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL",
+ buffer,
NULL) >= 0);
if (!server_init) {
@@ -209,7 +211,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd, int server_init)
+static void server(int fd, int server_init, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -237,8 +239,9 @@ static void server(int fd, int server_init)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
+ snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA:+ANON-ECDH", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+ANON-ECDH:+CURVE-ALL",
+ buffer,
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
@@ -356,7 +359,7 @@ static void server(int fd, int server_init)
success("server: finished\n");
}
-static void start(int server_initiated)
+static void start(int server_initiated, const char *prio)
{
int fd[2];
int ret;
@@ -378,20 +381,20 @@ static void start(int server_initiated)
int status = 0;
/* parent */
- server(fd[0], server_initiated);
+ server(fd[0], server_initiated, prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1], server_initiated);
+ client(fd[1], server_initiated, prio);
exit(0);
}
}
void doit(void)
{
- start(0);
- start(1);
+ start(0, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL");
+ start(1, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL");
}
#endif /* _WIN32 */
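Review bot: The same priority literal is passed to both `start()` calls in `doit()`, so a later edit can easily change one and not the other. Name it once, e.g. `#define PRIO_DTLS12 "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL"`, and call `start(0, PRIO_DTLS12);` and `start(1, PRIO_DTLS12);`. dtls-rehandshake-cert.c has the identical pair.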
diff --git a/tests/dtls-rehandshake-cert-3.c b/tests/dtls-rehandshake-cert-3.c
index f1d298c339..38d1cf7631 100644
--- a/tests/dtls-rehandshake-cert-3.c
+++ b/tests/dtls-rehandshake-cert-3.c
@@ -102,7 +102,7 @@ static ssize_t push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -125,8 +125,9 @@ static void client(int fd)
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, MTU);
+ snprintf(buffer, sizeof(buffer), "%s:+ANON-ECDH", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ buffer,
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
@@ -158,8 +159,9 @@ static void client(int fd)
(gnutls_protocol_get_version(session)));
/* update priorities to allow cert auth */
+ snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL",
+ buffer,
NULL) >= 0);
do {
@@ -216,7 +218,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -244,8 +246,9 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
+ snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA:+ANON-ECDH", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+ANON-ECDH:+CURVE-ALL",
+ buffer,
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
@@ -348,7 +351,7 @@ static void server(int fd)
success("server: finished\n");
}
-void doit(void)
+static void start(const char *prio)
{
int fd[2];
int ret;
@@ -371,14 +374,19 @@ void doit(void)
/* parent */
server_fd = fd[0];
- server(fd[0]);
+ server(fd[0], prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ start("NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/dtls-rehandshake-cert.c b/tests/dtls-rehandshake-cert.c
index cad962641c..0591c771eb 100644
--- a/tests/dtls-rehandshake-cert.c
+++ b/tests/dtls-rehandshake-cert.c
@@ -80,7 +80,7 @@ push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd, int server_init)
+static void client(int fd, int server_init, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -102,9 +102,10 @@ static void client(int fd, int server_init)
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
+ snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL",
- NULL) >= 0);
+ buffer,
+ NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
@@ -206,7 +207,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd, int server_init)
+static void server(int fd, int server_init, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -232,9 +233,10 @@ static void server(int fd, int server_init)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
+ snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio);
assert(gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL",
- NULL) >= 0);
+ buffer,
+ NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
@@ -345,7 +347,7 @@ static void server(int fd, int server_init)
success("server: finished\n");
}
-static void start(int server_initiated)
+static void start(int server_initiated, const char *prio)
{
int fd[2];
int ret;
@@ -367,20 +369,20 @@ static void start(int server_initiated)
int status = 0;
/* parent */
- server(fd[0], server_initiated);
+ server(fd[0], server_initiated, prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1], server_initiated);
+ client(fd[1], server_initiated, prio);
exit(0);
}
}
void doit(void)
{
- start(0);
- start(1);
+ start(0, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL");
+ start(1, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL");
}
#endif /* _WIN32 */
diff --git a/tests/dtls-with-seccomp.c b/tests/dtls-with-seccomp.c
index 161e105b32..192d4d19ca 100644
--- a/tests/dtls-with-seccomp.c
+++ b/tests/dtls-with-seccomp.c
@@ -44,6 +44,7 @@ int main()
#include <arpa/inet.h>
#include <unistd.h>
#include <signal.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -72,7 +73,7 @@ push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -94,10 +95,7 @@ static void client(int fd)
gnutls_dtls_set_mtu(session, 1500);
gnutls_handshake_set_timeout(session, 20 * 1000);
- /* Use default priorities */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -168,7 +166,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t xcred;
@@ -202,12 +200,7 @@ static void server(int fd)
gnutls_handshake_set_timeout(session, 20 * 1000);
gnutls_dtls_set_mtu(session, 1500);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -265,11 +258,13 @@ static void server(int fd)
success("server: finished\n");
}
-void doit(void)
+static
+void run(const char *name, const char *prio)
{
int fd[2];
int ret;
+ success("trying: %s\n", name);
signal(SIGPIPE, SIG_IGN);
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
@@ -290,15 +285,23 @@ void doit(void)
/* parent */
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[1]);
- server(fd[0]);
+ server(fd[0], prio);
exit(0);
}
}
+void doit(void)
+{
+ run("dtls1.0", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-DTLS1.0");
+ run("dtls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-DTLS1.2");
+ run("default", "NORMAL");
+}
+
+
#endif /* _WIN32 */
diff --git a/tests/duplicate-extensions.c b/tests/duplicate-extensions.c
index c6aa8cbdf1..d3db925da7 100644
--- a/tests/duplicate-extensions.c
+++ b/tests/duplicate-extensions.c
@@ -156,7 +156,7 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", NULL);
gnutls_handshake_set_timeout(session, 20 * 1000);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -210,6 +210,7 @@ void doit(void)
client(sockets[1]);
wait(&status);
+ check_wait_status(status);
} else {
server(sockets[0]);
_exit(0);
diff --git a/tests/eagain-common.h b/tests/eagain-common.h
index 7ad4476341..80a1fda2ff 100644
--- a/tests/eagain-common.h
+++ b/tests/eagain-common.h
@@ -22,7 +22,7 @@ extern const char *side;
} \
} \
while ((cret == GNUTLS_E_AGAIN || (cret == 0 && sret == GNUTLS_E_AGAIN)) && (sret == GNUTLS_E_AGAIN || (sret == 0 && cret == GNUTLS_E_AGAIN))); \
- if (cret != clierr || sret != serverr) \
+ if ((clierr != -1 && cret != clierr) || (serverr != -1 && sret != serverr)) \
{ \
fprintf(stderr, "client[%d]: %s\n", cret, gnutls_strerror(cret)); \
fprintf(stderr, "server[%d]: %s\n", sret, gnutls_strerror(sret)); \
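Review bot: `-1` becomes an undocumented "accept any result" value for `clierr` and `serverr` in this check, so a caller that passes it also accepts a handshake that succeeds where the test meant to see a failure. Give the wildcard a name and a comment, for example `#define HANDSHAKE_ANY_RESULT (-1) /* skip the comparison for this side */` (name is a suggestion), and have negative tests pass the specific expected error wherever it is known. The arguments are also expanded twice and unparenthesised now; `((clierr) != -1 && cret != (clierr))` is safer inside a macro. The macro starts and ends outside the hunk.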
diff --git a/tests/fallback-scsv.c b/tests/fallback-scsv.c
index d307fe78a8..de0351b8fd 100644
--- a/tests/fallback-scsv.c
+++ b/tests/fallback-scsv.c
@@ -46,8 +46,10 @@ int main()
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <signal.h>
+#include <assert.h>
#include "utils.h"
+#include "cert-common.h"
static void terminate(void);
@@ -64,47 +66,6 @@ static void client_log_func(int level, const char *str)
fprintf(stderr, "client|<%d>| %s", level, str);
}
-static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof(server_cert_pem)
-};
-
-static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
-
-const gnutls_datum_t server_key = { server_key_pem,
- sizeof(server_key_pem)
-};
-
/* This tests whether the fallback SCSV is working as intended.
*/
@@ -131,7 +92,7 @@ static void client(int fd, const char *prio, unsigned expect_fail)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, prio, NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -232,7 +193,7 @@ static void server(int fd, const char *prio, unsigned expect_fail)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, prio, NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -343,6 +304,8 @@ void doit(void)
signal(SIGPIPE, SIG_IGN);
start("NORMAL", "NORMAL", 0);
+ start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", 0);
+ start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:%FALLBACK_SCSV", 0);
start("NORMAL", "NORMAL:%FALLBACK_SCSV", 0);
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV", 0);
start("NORMAL", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV", 1);
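Review bot: The two added cases only cover handshakes that are expected to succeed; none checks that a fallback is rejected when the peer could have negotiated TLS 1.3. If `NORMAL` enables TLS 1.3 at this commit (the title suggests so, but the priority tables are not on this page), add a failing case alongside the existing TLS 1.1 one, e.g. `start("NORMAL", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:%FALLBACK_SCSV", 1);`. That pins the downgrade-protection behaviour this test exists for at the new top version. `doit()` continues outside the hunk.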
diff --git a/tests/gnutls_ext_raw_parse.c b/tests/gnutls_ext_raw_parse.c
index 1402cdf16e..8f1801fb8a 100644
--- a/tests/gnutls_ext_raw_parse.c
+++ b/tests/gnutls_ext_raw_parse.c
@@ -150,7 +150,7 @@ static void client(int fd)
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -225,7 +225,7 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
diff --git a/tests/handshake-false-start.c b/tests/handshake-false-start.c
index d7b9ff96e3..af8e1b7ac5 100644
--- a/tests/handshake-false-start.c
+++ b/tests/handshake-false-start.c
@@ -52,7 +52,7 @@ enum {
};
#define myfail(fmt, ...) \
- fail("%s%s %d: "fmt, dtls?"-dtls":"", name, testno, ##__VA_ARGS__)
+ fail("%s%s %d: "fmt, dtls?"dtls":"tls", name, testno, ##__VA_ARGS__)
static void try(const char *name, unsigned testno, unsigned fs,
const char *prio, unsigned dhsize,
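Review bot: The failure prefix now prints `dtls` or `tls` directly against `name` with no separator, while the success message changed later in this file uses `dtls-` and `tls-`. Use the same strings in both places, `dtls?"dtls-":"tls-"`, so log lines from a failing and a passing run can be matched with one pattern.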
@@ -265,7 +265,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
gnutls_strerror(ret));
}
- success("%5s%s \tok\n", dtls?"dtls-":"", name);
+ success("%5s%s \tok\n", dtls?"dtls-":"tls-", name);
exit:
gnutls_deinit(client);
gnutls_deinit(server);
@@ -286,21 +286,28 @@ void doit(void)
for (j=0;j<2;j++) {
for (i = 0; i < TESTNO_MAX; i++) {
- try("anon-dh :", i, 0, "NORMAL:-KX-ALL:+ANON-DH", 3072, j);
+ try("1.2 anon-dh :", i, 0, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ANON-DH", 3072, j);
reset_buffers();
- try("anon-ecdh:", i, 0, "NORMAL:-KX-ALL:+ANON-ECDH", 2048, j);
+ try("1.2 anon-ecdh:", i, 0, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH", 2048, j);
reset_buffers();
- try("ecdhe-rsa:", i, 1, "NORMAL:-KX-ALL:+ECDHE-RSA", 2048, j);
+ try("1.2 ecdhe-rsa:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", 2048, j);
reset_buffers();
- try("ecdhe-x25519-rsa:", i, 1, "NORMAL:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", 2048, j);
+ try("1.2 ecdhe-x25519-rsa:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", 2048, j);
reset_buffers();
- try("ecdhe-ecdsa:", i, 1, "NORMAL:-KX-ALL:+ECDHE-ECDSA", 2048, j);
+ try("1.2 ecdhe-ecdsa:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", 2048, j);
reset_buffers();
- try("dhe-rsa-2048:", i, 0, "NORMAL:-KX-ALL:+DHE-RSA", 2048, j);
+ try("1.2 dhe-rsa-2048:", i, 0, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", 2048, j);
reset_buffers();
- try("dhe-rsa-3072:", i, 1, "NORMAL:-KX-ALL:+DHE-RSA", 3072, j);
+ try("1.2 dhe-rsa-3072:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", 3072, j);
reset_buffers();
}
}
+
+ /* it should work, but false start will not be reported */
+ try("1.3 secp256r1:", i, 0, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", 2048, 0);
+ reset_buffers();
+ try("1.3 ffdhe2048:", i, 0, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-FFDHE2048", 2048, 0);
+ reset_buffers();
+
gnutls_global_deinit();
}
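Review bot: The two TLS 1.3 calls pass `i` as the test number after the `for` loops have finished, so `i` equals `TESTNO_MAX` there and `try()` receives a value outside the enum's test range. What `try()` does with it is not visible in this hunk, but it may skip the per-test actions entirely. Pass an explicit enum constant, or loop over `i < TESTNO_MAX` as the TLS 1.2 cases do. The `ffdhe2048` case also adds `+GROUP-FFDHE2048` without `-GROUP-ALL`, so another group from `NORMAL` may be negotiated; `"NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048"` would match the label.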
diff --git a/tests/handshake-large-packet.c b/tests/handshake-large-packet.c
index 18f72be99b..a264b32577 100644
--- a/tests/handshake-large-packet.c
+++ b/tests/handshake-large-packet.c
@@ -46,6 +46,7 @@ int main(int argc, char **argv)
#endif
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include <assert.h>
#include "utils.h"
#include "cert-common.h"
@@ -109,7 +110,7 @@ static int ext_send_server_params(gnutls_session_t session, gnutls_buffer_t extd
return MAX_SIZE;
}
-static void client(int sd)
+static void client(int sd, const char *prio)
{
int ret;
gnutls_session_t session;
@@ -129,8 +130,7 @@ static void client(int sd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
/* put the anonymous credentials to the current session
*/
@@ -140,11 +140,11 @@ static void client(int sd)
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session, 20 * 1000);
- gnutls_ext_register("ext_client1", TLSEXT_TYPE1, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_client2", TLSEXT_TYPE2, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_client3", TLSEXT_TYPE3, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_client4", TLSEXT_TYPE4, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_client5", TLSEXT_TYPE5, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
+ gnutls_session_ext_register(session, "ext_client1", TLSEXT_TYPE1, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_client2", TLSEXT_TYPE2, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_client3", TLSEXT_TYPE3, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_client4", TLSEXT_TYPE4, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_client5", TLSEXT_TYPE5, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0);
/* Perform the TLS handshake
*/
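Review bot: None of the five `gnutls_session_ext_register` calls has its return value checked, so a failed registration would let the handshake run without the extensions this test appears to rely on. A per-call check such as `ret = gnutls_session_ext_register(session, "ext_client1", /* ... */ 0);` followed by `if (ret < 0) fail("client: cannot register extension (%s)\n", gnutls_strerror(ret));` makes that failure visible. The five calls in the server() hunk have the same gap. A short comment on what the trailing `0` flags argument selects would also help the reader.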
@@ -176,7 +176,7 @@ end:
gnutls_global_deinit();
}
-static void server(int sd)
+static void server(int sd, const char *prio)
{
gnutls_certificate_credentials_t serverx509cred;
int ret;
@@ -201,17 +201,16 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_ext_register("ext_server1", TLSEXT_TYPE1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_server2", TLSEXT_TYPE2, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_server3", TLSEXT_TYPE3, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_server4", TLSEXT_TYPE4, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
- gnutls_ext_register("ext_server5", TLSEXT_TYPE5, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
+ gnutls_session_ext_register(session, "ext_server1", TLSEXT_TYPE1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_server2", TLSEXT_TYPE2, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_server3", TLSEXT_TYPE3, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_server4", TLSEXT_TYPE4, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0);
+ gnutls_session_ext_register(session, "ext_server5", TLSEXT_TYPE5, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0);
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session, 20 * 1000);
@@ -248,13 +247,16 @@ static void server(int sd)
success("server: finished\n");
}
-void doit(void)
+static
+void start(const char *prio)
{
pid_t child;
int sockets[2];
int err;
signal(SIGPIPE, SIG_IGN);
+ TLSEXT_TYPE_server_sent = 0;
+ TLSEXT_TYPE_client_received = 0;
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
if (err == -1) {
@@ -274,12 +276,22 @@ void doit(void)
int status;
/* parent */
close(sockets[0]);
- client(sockets[1]);
+ client(sockets[1], prio);
wait(&status);
+ check_wait_status(status);
} else {
close(sockets[1]);
- server(sockets[0]);
+ server(sockets[0], prio);
+ exit(0);
}
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.1");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
+
#endif /* _WIN32 */
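Review bot: `wait(&status)` is not checked before the added `check_wait_status(status)`, and `status` is declared without an initialiser, so if `wait()` fails the check reads an indeterminate value. Guarding it with `if (wait(&status) < 0) fail("wait failed\n");` ahead of the check closes that path. The same pair of lines is added to start() in mini-alignment.c. start()'s opening lines are in the previous hunk.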
diff --git a/tests/handshake-versions.c b/tests/handshake-versions.c
index a558f38f23..831c029221 100644
--- a/tests/handshake-versions.c
+++ b/tests/handshake-versions.c
@@ -75,7 +75,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2)
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL",
+ "NORMAL:+VERS-TLS-ALL",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
diff --git a/tests/key-material-dtls.c b/tests/key-material-dtls.c
index a9ea96083c..82ed86625b 100644
--- a/tests/key-material-dtls.c
+++ b/tests/key-material-dtls.c
@@ -309,7 +309,7 @@ static void server(int fd)
* are adequate.
*/
ret = gnutls_priority_set_direct(session,
- "NORMAL:+ANON-DH:+ANON-ECDH", NULL);
+ "NORMAL:+VERS-DTLS1.0:+ANON-DH:+ANON-ECDH", NULL);
if (ret < 0) {
fail("server: priority set failed (%s)\n\n",
gnutls_strerror(ret));
diff --git a/tests/key-material-set-dtls.c b/tests/key-material-set-dtls.c
index 5c46a6a127..692c7a6574 100644
--- a/tests/key-material-set-dtls.c
+++ b/tests/key-material-set-dtls.c
@@ -254,7 +254,7 @@ static void server(int fd)
* are adequate.
*/
ret = gnutls_priority_set_direct(session,
- "NORMAL:+ANON-DH:+ANON-ECDH", NULL);
+ "NORMAL:+VERS-DTLS1.0:+ANON-DH:+ANON-ECDH", NULL);
if (ret < 0) {
fail("server: priority set failed (%s)\n\n",
gnutls_strerror(ret));
diff --git a/tests/key-usage-ecdhe-rsa.c b/tests/key-usage-ecdhe-rsa.c
index 65534d3f8b..976c826026 100644
--- a/tests/key-usage-ecdhe-rsa.c
+++ b/tests/key-usage-ecdhe-rsa.c
@@ -135,7 +135,7 @@ void server_check(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
+ "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
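Review bot: The result of `gnutls_priority_set_direct` is discarded here, so a mistyped priority string would go unnoticed and the test would run without the TLS 1.2 pin it now depends on. key-material-dtls.c in this commit already shows the checked form, `ret = gnutls_priority_set_direct(...);` then `if (ret < 0) fail(...)`. The remaining hunks of this file, and those in key-usage-rsa.c, mini-global-load.c, mini-handshake-timeout.c, mini-server-name.c, mini-termination.c and the client side of mini-session-verify-function.c, leave the result unchecked as well. server_check()'s body starts and ends outside the hunk.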
@@ -159,7 +159,7 @@ void server_check(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL:+ECDHE-RSA", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -258,7 +258,7 @@ void client_check(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL:-KX-ALL:+ECDHE-RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS",
+ "NORMAL:-KX-ALL:+ECDHE-RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
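Review bot: With `%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS` now combined with `-VERS-ALL:+VERS-TLS1.2`, the client's rejection of a key-usage violation is only exercised under TLS 1.2, as far as these hunks show. ECDHE-RSA certificates are also used for authentication in TLS 1.3, so the same enforcement there is left without coverage by this file. If that is intentional, a comment such as `/* pinned to TLS 1.2; key-usage enforcement under TLS 1.3 needs a separate test */` above the priority string would record it. client_check()'s body starts and ends outside the hunk.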
@@ -282,7 +282,7 @@ void client_check(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL:+ECDHE-RSA", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
diff --git a/tests/key-usage-rsa.c b/tests/key-usage-rsa.c
index 9c16a496d4..42490df250 100644
--- a/tests/key-usage-rsa.c
+++ b/tests/key-usage-rsa.c
@@ -174,7 +174,7 @@ void server_check(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL:-KX-ALL:+RSA",
+ "NORMAL:-KX-ALL:+RSA:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -198,7 +198,7 @@ void server_check(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL:+RSA", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:+RSA:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -297,7 +297,7 @@ void client_check(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL:-KX-ALL:+RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS",
+ "NORMAL:-KX-ALL:+RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -321,7 +321,7 @@ void client_check(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL:+RSA", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:+RSA:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
diff --git a/tests/long-session-id.c b/tests/long-session-id.c
index 55f0641a45..2d783db1d1 100644
--- a/tests/long-session-id.c
+++ b/tests/long-session-id.c
@@ -243,7 +243,7 @@ void doit(void)
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
- start("NORMAL");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
}
#endif /* _WIN32 */
diff --git a/tests/mini-alignment.c b/tests/mini-alignment.c
index 4944660a95..96f3d5b93a 100644
--- a/tests/mini-alignment.c
+++ b/tests/mini-alignment.c
@@ -53,6 +53,7 @@ int main(int argc, char **argv)
#include <nettle/aes.h>
#include <nettle/cbc.h>
#include <nettle/gcm.h>
+#include <assert.h>
#include "utils.h"
@@ -215,15 +216,13 @@ static void myaes_deinit(void *_ctx)
free(_ctx);
}
-static void client(int sd)
+static void client(int sd, const char *prio)
{
int ret, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
gnutls_certificate_credentials_t xcred;
- global_init();
-
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(6);
@@ -241,8 +240,7 @@ static void client(int sd)
*/
gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-CIPHER-ALL:+AES-128-CBC", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
/* put the x509 credentials to the current session
*/
@@ -328,8 +326,6 @@ static void client(int sd)
gnutls_deinit(session);
gnutls_certificate_free_credentials(xcred);
-
- gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, using X.509 authentication.
@@ -382,7 +378,7 @@ const gnutls_datum_t server_key = { server_key_pem,
sizeof(server_key_pem)
};
-static void server(int sd)
+static void server(int sd, const char *prio)
{
gnutls_certificate_credentials_t x509_cred;
int ret;
@@ -391,23 +387,10 @@ static void server(int sd)
/* this must be called once in the program
*/
- global_init();
-
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(6);
- ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
- myaes_init,
- myaes_setkey,
- myaes_setiv,
- myaes_encrypt,
- myaes_decrypt,
- myaes_deinit);
- if (ret < 0) {
- fail("%d: cannot register cipher\n", __LINE__);
- }
-
gnutls_certificate_allocate_credentials(&x509_cred);
gnutls_certificate_set_x509_trust_mem(x509_cred, &ca,
GNUTLS_X509_FMT_PEM);
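Review bot: The context comment `/* this must be called once in the program */` is left behind after the `global_init()` call it described was removed from server(). It now sits directly above `gnutls_global_set_log_function(tls_log_func)`, which is misleading. The comment belongs above the `global_init()` call that the last hunk of this file adds to doit(), and should be dropped here. server()'s body continues outside the hunk.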
@@ -424,7 +407,7 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL:-CIPHER-ALL:+AES-128-CBC", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -476,14 +459,12 @@ static void server(int sd)
gnutls_certificate_free_credentials(x509_cred);
- gnutls_global_deinit();
-
if (debug)
success("server: finished\n");
}
-
-void doit(void)
+static
+void start(const char *prio)
{
int sockets[2];
int err;
@@ -505,10 +486,37 @@ void doit(void)
if (child) {
int status;
- server(sockets[0]);
+ server(sockets[0], prio);
wait(&status);
- } else
- client(sockets[1]);
+ check_wait_status(status);
+ } else {
+ client(sockets[1], prio);
+ exit(0);
+ }
+}
+
+void doit(void)
+{
+ int ret;
+
+ global_init();
+
+ ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
+ myaes_init,
+ myaes_setkey,
+ myaes_setiv,
+ myaes_encrypt,
+ myaes_decrypt,
+ myaes_deinit);
+ if (ret < 0) {
+ fail("%d: cannot register cipher\n", __LINE__);
+ }
+
+
+ start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.1");
+ start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.2");
+
+ gnutls_global_deinit();
}
#endif /* _WIN32 */
diff --git a/tests/mini-dtls-discard.c b/tests/mini-dtls-discard.c
index 4e5110be16..e9201acaea 100644
--- a/tests/mini-dtls-discard.c
+++ b/tests/mini-dtls-discard.c
@@ -46,6 +46,7 @@ int main()
#include <errno.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
+#include <assert.h>
#include "utils.h"
@@ -57,9 +58,6 @@ int main()
static void terminate(void);
-/* This program tests the client hello verify in DTLS
- */
-
static void server_log_func(int level, const char *str)
{
fprintf(stderr, "server|<%d>| %s", level, str);
@@ -70,9 +68,6 @@ static void client_log_func(int level, const char *str)
fprintf(stderr, "client|<%d>| %s", level, str);
}
-/* A very basic TLS client, with anonymous authentication.
- */
-
#define MAX_BUF 1024
static ssize_t
@@ -89,7 +84,7 @@ push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
@@ -112,9 +107,7 @@ static void client(int fd)
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
- gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
/* put the anonymous credentials to the current session
*/
@@ -181,7 +174,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
gnutls_anon_server_credentials_t anoncred;
@@ -206,9 +199,7 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
@@ -269,7 +260,8 @@ static void server(int fd)
success("server: finished\n");
}
-void doit(void)
+static
+void start(const char *prio)
{
int fd[2];
int ret;
@@ -291,14 +283,20 @@ void doit(void)
int status;
/* parent */
- server(fd[0]);
+ server(fd[0], prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ start("NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL");
+ start("NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/mini-global-load.c b/tests/mini-global-load.c
index 1d01da3798..fa6df2e2be 100644
--- a/tests/mini-global-load.c
+++ b/tests/mini-global-load.c
@@ -83,9 +83,8 @@ const gnutls_datum_t server_key = { server_key_pem,
sizeof(server_key_pem)
};
-void doit(void)
+static void start(const char *prio)
{
- int exit_code = EXIT_SUCCESS;
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
gnutls_session_t server;
@@ -95,6 +94,8 @@ void doit(void)
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ success("running test with %s\n", prio);
+
/* General init. */
gnutls_global_set_log_function(tls_log_func);
if (debug)
@@ -108,9 +109,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server,
- "NORMAL:-CIPHER-ALL:+AES-128-CBC",
- NULL);
+ gnutls_priority_set_direct(server, prio, NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
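Review bot: Replacing the server string `"NORMAL:-CIPHER-ALL:+AES-128-CBC"` with `prio` drops the cipher restriction, because none of the strings passed from doit() contains `-CIPHER-ALL:+AES-128-CBC`. If any part of this test depends on AES-128-CBC being negotiated (not visible in these hunks), the TLS 1.1 and 1.2 runs would no longer force it. If the restriction was incidental, a short comment above the call, for example `/* cipher is irrelevant to this test; only the protocol version varies */`, would make the change in coverage explicit. start()'s body continues outside the hunk.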
@@ -120,7 +119,7 @@ void doit(void)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -136,10 +135,13 @@ void doit(void)
gnutls_certificate_free_credentials(serverx509cred);
gnutls_certificate_free_credentials(clientx509cred);
- if (debug > 0) {
- if (exit_code == 0)
- puts("Self-test successful");
- else
- puts("Self-test failed");
- }
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.1");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
diff --git a/tests/mini-handshake-timeout.c b/tests/mini-handshake-timeout.c
index d3a1233888..b4d1c2c962 100644
--- a/tests/mini-handshake-timeout.c
+++ b/tests/mini-handshake-timeout.c
@@ -87,7 +87,7 @@ static void client(int fd, int wait)
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.2", NULL);
/* put the anonymous credentials to the current session
*/
@@ -127,16 +127,6 @@ static void client(int fd, int wait)
return;
}
-static void initialize_tls_session(gnutls_session_t * session)
-{
- gnutls_init(session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH", NULL);
-}
-
static void server(int fd, int wait)
{
int ret;
@@ -154,7 +144,13 @@ static void server(int fd, int wait)
gnutls_anon_allocate_server_credentials(&anoncred);
- initialize_tls_session(&session);
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.2", NULL);
+
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
diff --git a/tests/mini-key-material.c b/tests/mini-key-material.c
index 9fb266f23b..aa7af6dd02 100644
--- a/tests/mini-key-material.c
+++ b/tests/mini-key-material.c
@@ -317,7 +317,7 @@ static void server(int fd)
* are adequate.
*/
ret = gnutls_priority_set_direct(session,
- "NORMAL:+ANON-DH:+ANON-ECDH", NULL);
+ "NORMAL:+ANON-DH:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.0", NULL);
if (ret < 0) {
fail("server: priority set failed (%s)\n\n",
gnutls_strerror(ret));
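Review bot: The server is pinned to TLS 1.0 with `-VERS-ALL:+VERS-TLS1.0` without any explanation, and the context comment just above still says the defaults are adequate, which no longer describes the call. If the pin exists to match the version offered by the client side of this test (not visible here), the comment could read `/* TLS 1.0 only: must match the version the client in this test offers */`. Stating the reason matters because a legacy-version pin is easy to mistake for an oversight. server()'s body starts and ends outside the hunk.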
diff --git a/tests/mini-server-name.c b/tests/mini-server-name.c
index eba6f58110..0da27cc3e1 100644
--- a/tests/mini-server-name.c
+++ b/tests/mini-server-name.c
@@ -71,7 +71,7 @@ int _gnutls_server_name_set_raw(gnutls_session_t session,
gnutls_server_name_type_t type,
const void *name, size_t name_length);
-static void client(const char *test_name, int fd, unsigned raw, const char *name, unsigned name_len, int server_err)
+static void client(const char *test_name, const char *prio, int fd, unsigned raw, const char *name, unsigned name_len, int server_err)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
@@ -94,7 +94,7 @@ static void client(const char *test_name, int fd, unsigned raw, const char *name
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, prio, NULL);
/* put the anonymous credentials to the current session
*/
@@ -152,7 +152,7 @@ static void terminate(void)
exit(1);
}
-static void server(const char *test_name, int fd, const char *name, unsigned name_len, int exp_err)
+static void server(const char *test_name, const char *prio, int fd, const char *name, unsigned name_len, int exp_err)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -184,7 +184,7 @@ static void server(const char *test_name, int fd, const char *name, unsigned nam
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, prio, NULL);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -258,7 +258,7 @@ static void server(const char *test_name, int fd, const char *name, unsigned nam
/* name: the name sent by client
* server_exp: the name which should be expected by the server to see
*/
-static void start(const char *test_name, unsigned raw, const char *name, unsigned len, const char *server_exp, unsigned server_exp_len, int server_error)
+static void start(const char *test_name, const char *prio, unsigned raw, const char *name, unsigned len, const char *server_exp, unsigned server_exp_len, int server_error)
{
int fd[2];
int ret;
@@ -279,11 +279,11 @@ static void start(const char *test_name, unsigned raw, const char *name, unsigne
if (child) {
/* parent */
close(fd[1]);
- server(test_name, fd[0], server_exp, server_exp_len, server_error);
+ server(test_name, prio, fd[0], server_exp, server_exp_len, server_error);
kill(child, SIGTERM);
} else {
close(fd[0]);
- client(test_name, fd[1], raw, name, len, server_error);
+ client(test_name, prio, fd[1], raw, name, len, server_error);
exit(0);
}
}
@@ -296,17 +296,35 @@ static void ch_handler(int sig)
return;
}
+#define PRIO_TLS12 "NORMAL:-VERS-ALL:+VERS-TLS1.2"
+#define PRIO_TLS13 "NORMAL:-VERS-ALL:+VERS-TLS1.3"
+#define PRIO_NORMAL "NORMAL"
+
void doit(void)
{
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
- start("NULL", 0, NULL, 0, NULL, 0, 0);
- start("empty", 0, "", 0, "", 0, 0);
- start("test.example.com", 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0);
- start("longtest.example.com", 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0);
+ start("tls1.2 NULL", PRIO_TLS12, 0, NULL, 0, NULL, 0, 0);
+ start("tls1.2 empty", PRIO_TLS12, 0, "", 0, "", 0, 0);
+ start("tls1.2 test.example.com", PRIO_TLS12, 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0);
+ start("tls1.2 longtest.example.com", PRIO_TLS12, 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0);
+ /* test embedded NULL */
+ start("tls1.2 embedded-NULL", PRIO_TLS12, 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ start("tls1.3 NULL", PRIO_TLS13, 0, NULL, 0, NULL, 0, 0);
+ start("tls1.3 empty", PRIO_TLS13, 0, "", 0, "", 0, 0);
+ start("tls1.3 test.example.com", PRIO_TLS13, 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0);
+ start("tls1.3 longtest.example.com", PRIO_TLS13, 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0);
+ /* test embedded NULL */
+ start("tls1.3 embedded-NULL", PRIO_TLS13, 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ start("NULL", PRIO_NORMAL, 0, NULL, 0, NULL, 0, 0);
+ start("empty", PRIO_NORMAL, 0, "", 0, "", 0, 0);
+ start("test.example.com", PRIO_NORMAL, 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0);
+ start("longtest.example.com", PRIO_NORMAL, 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0);
/* test embedded NULL */
- start("embedded-NULL", 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ start("embedded-NULL", PRIO_NORMAL, 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
#endif /* _WIN32 */
diff --git a/tests/mini-session-verify-function.c b/tests/mini-session-verify-function.c
index 791481a7fb..26d015be45 100644
--- a/tests/mini-session-verify-function.c
+++ b/tests/mini-session-verify-function.c
@@ -32,6 +32,7 @@
#include <gnutls/gnutls.h>
#include "utils.h"
#include "eagain-common.h"
+#include <assert.h>
/* Tests whether the session verify callbacks are operational.
*/
@@ -51,16 +52,20 @@ static int server_callback(gnutls_session_t session)
{
server_ok = 1;
- if (gnutls_handshake_get_last_in(session) !=
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
- fail("client's last input message was unexpected\n");
- exit(1);
- }
-
- if (gnutls_handshake_get_last_out(session) !=
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
- fail("client's last output message was unexpected\n");
- exit(1);
+ if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) {
+ if (gnutls_handshake_get_last_in(session) !=
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
+ fail("client's last input message was unexpected: %s\n",
+ gnutls_handshake_description_get_name(gnutls_handshake_get_last_in(session)));
+ exit(1);
+ }
+
+ if (gnutls_handshake_get_last_out(session) !=
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
+ fail("client's last output message was unexpected: %s\n",
+ gnutls_handshake_description_get_name(gnutls_handshake_get_last_out(session)));
+ exit(1);
+ }
}
return server_ret_val;
}
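Review bot: Guarding both checks with `gnutls_protocol_get_version(session) == GNUTLS_TLS1_2` means server_callback verifies nothing about the handshake position when another version is negotiated, which covers the TLS 1.3 run and possibly the plain `NORMAL` run added in doit(). An `else` branch stating the expected last-in and last-out messages for TLS 1.3 would restore that check; at minimum add `/* TLS 1.3: message order differs; not checked here */`. The two `fail()` strings also say "client's last input/output message" although this is the server-side callback, so "server: last input message was unexpected: %s\n" would be clearer. The function's signature is outside the hunk.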
@@ -112,7 +117,7 @@ const gnutls_datum_t server_key = { server_key_pem,
};
static
-void test_success1(void)
+void test_success1(const char *prio)
{
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -138,12 +143,11 @@ void test_success1(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
- gnutls_session_set_verify_function(server,
- server_callback);
+ gnutls_session_set_verify_function(server, server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
@@ -151,7 +155,7 @@ void test_success1(void)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -177,7 +181,7 @@ void test_success1(void)
}
static
-void test_failure_client(void)
+void test_failure_client(const char *prio)
{
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -205,12 +209,11 @@ void test_failure_client(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
- gnutls_session_set_verify_function(server,
- server_callback);
+ gnutls_session_set_verify_function(server, server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
@@ -218,7 +221,7 @@ void test_failure_client(void)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -238,7 +241,7 @@ void test_failure_client(void)
}
static
-void test_failure_server(void)
+void test_failure_server(const char *prio)
{
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -266,12 +269,11 @@ void test_failure_server(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
- gnutls_session_set_verify_function(server,
- server_callback);
+ gnutls_session_set_verify_function(server, server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
@@ -279,14 +281,13 @@ void test_failure_server(void)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
- gnutls_session_set_verify_function(client,
- client_callback);
+ gnutls_session_set_verify_function(client, client_callback);
- HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_CERTIFICATE_ERROR);
+ HANDSHAKE_EXPECT(client, server, -1, GNUTLS_E_CERTIFICATE_ERROR);
gnutls_deinit(client);
gnutls_deinit(server);
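Review bot: The bare `-1` that replaces `GNUTLS_E_AGAIN` as the expected client result in `HANDSHAKE_EXPECT` is a magic value whose meaning depends on eagain-common.h, which this commit also changes but which is not visible here. If it is treated as "any result", the client side of this failure test is no longer asserted at all and the reader should be told so, for example `/* -1: client result is version dependent and not checked */`. A named constant in eagain-common.h would be clearer than the literal. test_failure_server()'s body starts and ends outside the hunk.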
@@ -298,6 +299,20 @@ void test_failure_server(void)
fail("%s: certificate verify callback wasn't called\n", __func__);
}
+static void start(const char *prio)
+{
+ success("running tests for %s\n", prio);
+
+ client_ok = 0;
+ server_ok = 0;
+ client_ret_val = 0;
+ server_ret_val = 0;
+
+ test_failure_client(prio);
+ test_failure_server(prio);
+ test_success1(prio);
+}
+
void doit(void)
{
global_init();
@@ -305,9 +320,9 @@ void doit(void)
if (debug)
gnutls_global_set_log_level(99);
- test_failure_client();
- test_failure_server();
- test_success1();
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
gnutls_global_deinit();
}
diff --git a/tests/mini-termination.c b/tests/mini-termination.c
index f5a884c25c..f0b232cefa 100644
--- a/tests/mini-termination.c
+++ b/tests/mini-termination.c
@@ -196,27 +196,8 @@ static void client(int fd, const char *prio)
/* These are global */
-gnutls_anon_server_credentials_t anoncred;
-gnutls_certificate_credentials_t x509_cred;
pid_t child;
-static gnutls_session_t initialize_tls_session(const char *prio)
-{
- gnutls_session_t session;
-
- gnutls_init(&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, prio, NULL);
-
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- return session;
-}
-
static void terminate(void)
{
kill(child, SIGTERM);
@@ -228,6 +209,8 @@ static void server(int fd, const char *prio)
int ret;
char buffer[MAX_BUF + 1];
gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
/* this must be called once in the program
*/
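Review bot: Moving `x509_cred` from file scope into server() turns a zero-initialised global into an automatic variable with an indeterminate value, and the next hunk passes it to `gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)`. The visible lines show only `gnutls_anon_allocate_server_credentials(&anoncred)`, so it should be confirmed that `x509_cred` is allocated before that call. Declaring it as `gnutls_certificate_credentials_t x509_cred = NULL;` keeps the previous behaviour if no allocation exists. server()'s body continues outside the hunk.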
@@ -246,7 +229,15 @@ static void server(int fd, const char *prio)
gnutls_anon_allocate_server_credentials(&anoncred);
- session = initialize_tls_session(prio);
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_int(session, fd);
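Review bot: The return value of `gnutls_priority_set_direct(session, prio, NULL)` in server() is dropped, and `prio` is now a caller-supplied string. If the library rejects it (for example a build without TLS 1.3), the run would presumably continue without the requested restriction and still be reported under that label. Checking the result avoids this: `ret = gnutls_priority_set_direct(session, prio, NULL);` followed by `if (ret < 0) fail("server: priority %s rejected: %s\n", prio, gnutls_strerror(ret));`. The same unchecked call appears in server() of mini-tls-nonblock.c, on the client side of mini-x509-2.c and mini-x509.c, and on both sides of mini-x509-callbacks.c. server() starts and ends outside this hunk.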
@@ -325,6 +316,8 @@ void doit(void)
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
start("NORMAL");
}
diff --git a/tests/mini-tls-nonblock.c b/tests/mini-tls-nonblock.c
index 01cc8db12f..4a58bcdeec 100644
--- a/tests/mini-tls-nonblock.c
+++ b/tests/mini-tls-nonblock.c
@@ -136,7 +136,7 @@ my_pull_timeout(gnutls_transport_ptr_t tr, unsigned ms)
return 1;
}
-static void client(int fd, const char *msg, unsigned expl)
+static void client(int fd, const char *msg, const char *prio, unsigned expl)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
@@ -164,7 +164,7 @@ static void client(int fd, const char *msg, unsigned expl)
gnutls_init(&session, GNUTLS_CLIENT|expl);
/* Use default priorities */
- ret = gnutls_priority_set_direct(session, "NORMAL", NULL);
+ ret = gnutls_priority_set_direct(session, prio, NULL);
if (ret < 0) {
fail("error in setting priority\n");
exit(1);
@@ -222,7 +222,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd, unsigned expl)
+static void server(int fd, const char *prio, unsigned expl)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -255,7 +255,7 @@ static void server(int fd, unsigned expl)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, prio, NULL);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -292,11 +292,13 @@ static void server(int fd, unsigned expl)
success("server: finished\n");
}
-static void start(const char *msg, unsigned expl)
+static void start(const char *msg, const char *prio, unsigned expl)
{
int fd[2];
int ret;
+ success("trying %s\n", msg);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
@@ -313,12 +315,12 @@ static void start(const char *msg, unsigned expl)
if (child) {
/* parent */
close(fd[1]);
- client(fd[0], msg, expl);
+ client(fd[0], msg, prio, expl);
waitpid(-1, NULL, 0);
//kill(child, SIGTERM);
} else {
close(fd[0]);
- server(fd[1], expl);
+ server(fd[1], prio, expl);
exit(0);
}
}
@@ -340,9 +342,14 @@ void doit(void)
{
signal(SIGCHLD, ch_handler);
- start("TLS-explicit flag", GNUTLS_NONBLOCK);
- start("DTLS-explicit flag", GNUTLS_NONBLOCK|GNUTLS_DATAGRAM);
- start("TLS-no flag", 0);
+ start("TLS1.2-explicit flag", "NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_NONBLOCK);
+ start("TLS1.2-explicit flag", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NONBLOCK);
+ start("TLS-explicit flag", "NORMAL", GNUTLS_NONBLOCK);
+ start("DTLS1.2-explicit flag", "NORMAL:-VERS-ALL:+VERS-DTLS1.2", GNUTLS_NONBLOCK|GNUTLS_DATAGRAM);
+ start("DTLS-explicit flag", "NORMAL", GNUTLS_NONBLOCK|GNUTLS_DATAGRAM);
+ start("TLS1.2-no flag", "NORMAL:-VERS-ALL:+VERS-TLS1.2", 0);
+ start("TLS1.3-no flag", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0);
+ start("TLS-no flag", "NORMAL", 0);
}
#endif /* _WIN32 */
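Review bot: The second call in doit() is labelled `"TLS1.2-explicit flag"` but passes the `+VERS-TLS1.3` priority string. The `trying %s` line printed by start() therefore names the wrong protocol for that run, and a failure there would be attributed to TLS 1.2. It should read `start("TLS1.3-explicit flag", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NONBLOCK);`, matching the `TLS1.3-no flag` entry further down.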
diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c
index 66db99ddae..cab8c9ae2b 100644
--- a/tests/mini-x509-2.c
+++ b/tests/mini-x509-2.c
@@ -32,6 +32,7 @@
#include <gnutls/x509.h>
#include "utils.h"
#include "eagain-common.h"
+#include <assert.h>
/* This tests gnutls_certificate_set_x509_key() */
@@ -178,7 +179,8 @@ const gnutls_datum_t server_key = { server_key_pem,
sizeof(server_key_pem)
};
-void doit(void)
+static
+void start(const char *prio)
{
int exit_code = EXIT_SUCCESS;
int ret;
@@ -195,6 +197,8 @@ void doit(void)
unsigned i;
gnutls_x509_privkey_t pkey;
+ success("trying %s\n", prio);
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -233,9 +237,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server,
- "NORMAL:-CIPHER-ALL:+AES-128-GCM",
- NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
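Review bot: `assert(gnutls_priority_set_direct(server, prio, NULL) >= 0);` puts the call itself inside assert(), so a build with NDEBUG defined compiles the whole expression out and the server session never receives its priority string. Evaluating first and asserting on the result avoids that: `ret = gnutls_priority_set_direct(server, prio, NULL);` then `assert(ret >= 0);` (`ret` is already declared in start()). The same pattern is added in mini-x509-cas.c, mini-x509.c, multi-alerts.c and naked-alerts.c. start() begins and ends outside this hunk.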
@@ -264,7 +266,7 @@ void doit(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -423,10 +425,12 @@ void doit(void)
gnutls_global_deinit();
- if (debug > 0) {
- if (exit_code == 0)
- puts("Self-test successful");
- else
- puts("Self-test failed");
- }
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
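Review bot: Removing the `Self-test successful`/`Self-test failed` block takes away the only use of `exit_code` visible in this diff, while `int exit_code = EXIT_SUCCESS;` stays at the top of start(). If nothing else in the function reads it, the declaration is now dead and will produce an unused-variable warning, so it should be dropped in the same change. mini-x509-cas.c and mini-x509.c keep the same declaration after the same removal. The rest of start() is outside this hunk, so this needs confirming against the full function.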
diff --git a/tests/mini-x509-callbacks-intr.c b/tests/mini-x509-callbacks-intr.c
index 0342121e3a..02b7ec84e1 100644
--- a/tests/mini-x509-callbacks-intr.c
+++ b/tests/mini-x509-callbacks-intr.c
@@ -57,16 +57,18 @@ static int server_callback(gnutls_session_t session)
{
server_ok = 1;
- if (gnutls_handshake_get_last_in(session) !=
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
- fail("client's last input message was unexpected\n");
- exit(1);
- }
-
- if (gnutls_handshake_get_last_out(session) !=
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
- fail("client's last output message was unexpected\n");
- exit(1);
+ if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) {
+ if (gnutls_handshake_get_last_in(session) !=
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
+ fail("client's last input message was unexpected\n");
+ exit(1);
+ }
+
+ if (gnutls_handshake_get_last_out(session) !=
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
+ fail("client's last output message was unexpected\n");
+ exit(1);
+ }
}
return 0;
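Review bot: The new `gnutls_protocol_get_version(session) == GNUTLS_TLS1_2` guard in server_callback() has no comment saying why the last-in/last-out checks are skipped for other versions. As written, the TLS 1.3 run, and the `NORMAL` run whenever it negotiates something other than TLS 1.2, assert nothing about message order in this callback. A short comment above the `if` would record the reason, for example `/* TLS 1.3 has no ServerHelloDone, so the message-order check only applies to TLS 1.2 */`. The matching hunk in mini-x509-callbacks.c would take the same comment.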
@@ -118,7 +120,8 @@ const gnutls_datum_t server_key = { server_key_pem,
sizeof(server_key_pem)
};
-void doit(void)
+static
+void start(const char *prio)
{
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -129,6 +132,11 @@ void doit(void)
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ success("trying %s\n", prio);
+ client_ok = 0;
+ server_ok = 0;
+ pch_ok = 0;
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -186,4 +194,13 @@ void doit(void)
if (client_ok == 0)
fail("Client certificate verify callback wasn't called\n");
+
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
diff --git a/tests/mini-x509-callbacks.c b/tests/mini-x509-callbacks.c
index 59205eb7c0..4380e1f793 100644
--- a/tests/mini-x509-callbacks.c
+++ b/tests/mini-x509-callbacks.c
@@ -128,16 +128,18 @@ static int server_callback(gnutls_session_t session)
{
server_ok = 1;
- if (gnutls_handshake_get_last_in(session) !=
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
- fail("client's last input message was unexpected\n");
- exit(1);
- }
+ if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) {
+ if (gnutls_handshake_get_last_in(session) !=
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
+ fail("client's last input message was unexpected\n");
+ exit(1);
+ }
- if (gnutls_handshake_get_last_out(session) !=
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
- fail("client's last output message was unexpected\n");
- exit(1);
+ if (gnutls_handshake_get_last_out(session) !=
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
+ fail("client's last output message was unexpected\n");
+ exit(1);
+ }
}
return 0;
@@ -207,7 +209,8 @@ static void append_alpn(gnutls_session_t session)
}
}
-void doit(void)
+static
+void start(const char *prio, unsigned check_order)
{
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -218,6 +221,12 @@ void doit(void)
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ success("trying %s\n", prio);
+
+ client_ok = 0;
+ server_ok = 0;
+ pch_ok = 0;
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -232,7 +241,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_priority_set_direct(server, prio, NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -241,9 +250,10 @@ void doit(void)
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_handshake_set_post_client_hello_function(server,
post_client_hello_callback);
- gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY,
- GNUTLS_HOOK_POST,
- handshake_callback);
+ if (check_order)
+ gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY,
+ GNUTLS_HOOK_POST,
+ handshake_callback);
append_alpn(server);
/* Init client */
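Review bot: `check_order` is introduced without any comment, and its only use is this unbraced `if` that decides whether `handshake_callback` is installed. doit() passes 0 for both the TLS 1.3 and `NORMAL` runs, so the hook is exercised for TLS 1.2 only. A comment on start() such as `/* check_order: install handshake_callback; only meaningful for the TLS 1.2 message sequence */` would explain the parameter; handshake_callback is outside the diff, so the wording should be checked against it. Braces around the four-line call would also match the braced style used in server_callback().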
@@ -251,7 +261,7 @@ void doit(void)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -280,4 +290,13 @@ void doit(void)
if (client_ok == 0)
fail("Client certificate verify callback wasn't called\n");
+
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 1);
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3", 0);
+ start("NORMAL", 0);
}
diff --git a/tests/mini-x509-cas.c b/tests/mini-x509-cas.c
index 3866239c60..6edfd89c38 100644
--- a/tests/mini-x509-cas.c
+++ b/tests/mini-x509-cas.c
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
#include "eagain-common.h"
@@ -43,7 +44,8 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
-void doit(void)
+static
+void start(const char *prio)
{
int exit_code = EXIT_SUCCESS;
const char *ca_file;
@@ -56,6 +58,8 @@ void doit(void)
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ success("trying %s\n", prio);
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -84,7 +88,7 @@ void doit(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
- gnutls_priority_set_direct(server, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -94,7 +98,7 @@ void doit(void)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(client, prio, NULL)>=0);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -112,10 +116,12 @@ void doit(void)
gnutls_global_deinit();
- if (debug > 0) {
- if (exit_code == 0)
- puts("Self-test successful");
- else
- puts("Self-test failed");
- }
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index 28fae45afe..280ffcbc49 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -32,6 +32,7 @@
#include "utils.h"
#include "eagain-common.h"
#include "cert-common.h"
+#include <assert.h>
const char *side;
@@ -50,7 +51,8 @@ static time_t mytime(time_t * t)
return then;
}
-void doit(void)
+static
+void start(const char *prio)
{
int exit_code = EXIT_SUCCESS;
int ret;
@@ -63,6 +65,8 @@ void doit(void)
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ success("trying %s\n", prio);
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -80,13 +84,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server,
-#ifndef ENABLE_FIPS140
- "NORMAL:-CIPHER-ALL:+ARCFOUR-128",
-#else
- "NORMAL:-CIPHER-ALL:+AES-128-CBC",
-#endif
- NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -109,7 +107,7 @@ void doit(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL:+ARCFOUR-128", NULL);
+ gnutls_priority_set_direct(client, prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -225,16 +223,18 @@ void doit(void)
}
}
- ret = gnutls_session_ext_master_secret_status(client);
- if (ret != 1) {
- fail("Extended master secret wasn't negotiated by default (client ret: %d)\n", ret);
- exit(1);
- }
+ if (gnutls_protocol_get_version(client) == GNUTLS_TLS1_2) {
+ ret = gnutls_session_ext_master_secret_status(client);
+ if (ret != 1) {
+ fail("Extended master secret wasn't negotiated by default (client ret: %d)\n", ret);
+ exit(1);
+ }
- ret = gnutls_session_ext_master_secret_status(server);
- if (ret != 1) {
- fail("Extended master secret wasn't negotiated by default (server ret: %d)\n", ret);
- exit(1);
+ ret = gnutls_session_ext_master_secret_status(server);
+ if (ret != 1) {
+ fail("Extended master secret wasn't negotiated by default (server ret: %d)\n", ret);
+ exit(1);
+ }
}
gnutls_bye(client, GNUTLS_SHUT_RDWR);
@@ -248,10 +248,12 @@ void doit(void)
gnutls_global_deinit();
- if (debug > 0) {
- if (exit_code == 0)
- puts("Self-test successful");
- else
- puts("Self-test failed");
- }
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
diff --git a/tests/multi-alerts.c b/tests/multi-alerts.c
index 15065475dc..a0a6e4474a 100644
--- a/tests/multi-alerts.c
+++ b/tests/multi-alerts.c
@@ -49,6 +49,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#endif
#include <unistd.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
@@ -163,7 +164,7 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -216,8 +217,11 @@ void doit(void)
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
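Review bot: The added `check_wait_status(status);` reads `status` right after `wait(&status);`, whose return value is not checked. If wait() fails, `status` is not written and the check runs on whatever value it held. Guarding the call keeps the new check meaningful: `if (wait(&status) < 0) fail("wait failed\n");` before `check_wait_status(status);`. The declaration of `status` and the rest of doit() are outside the hunk, and naked-alerts.c has the same sequence.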
diff --git a/tests/naked-alerts.c b/tests/naked-alerts.c
index 48d26afdb4..1ea0c40461 100644
--- a/tests/naked-alerts.c
+++ b/tests/naked-alerts.c
@@ -48,6 +48,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#endif
#include <unistd.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
@@ -111,7 +112,7 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -164,8 +165,11 @@ void doit(void)
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
deleted file mode 100644
index 22b2e183c0..0000000000
--- a/tests/openpgpself.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/*
- * Copyright (C) 2004-2012 Free Software Foundation, Inc.
- * Copyright (C) 2013 Adam Sampson <ats@offog.org>
- *
- * Author: Simon Josefsson
- *
- * This file is part of GnuTLS.
- *
- * GnuTLS is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuTLS is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* Parts copied from GnuTLS example programs. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#if defined(_WIN32)
-
-/* socketpair isn't supported on Win32. */
-int main(int argc, char **argv)
-{
- exit(77);
-}
-
-#else
-
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#if !defined(_WIN32)
-#include <sys/wait.h>
-#endif
-#include <unistd.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/openpgp.h>
-
-#include "utils.h"
-
-#include "ex-session-info.c"
-#include "ex-x509-info.c"
-
-pid_t child;
-
-static void tls_log_func(int level, const char *str)
-{
- fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
- str);
-}
-
-/* A very basic TLS client, with anonymous authentication.
- */
-
-#define SESSIONS 2
-#define MAX_BUF 1024
-#define MSG "Hello TLS"
-
-static unsigned char cert_txt[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.4.10 (GNU/Linux)\n"
- "Comment: Test key for GnuTLS\n"
- "\n"
- "mI0ETYD2OQEEAMHmDBtJii82NbWuYcvEWCYnwa7GTcz2PYikYCcq/t5nkyb5Bfmx\n"
- "mh2hpto7Lr5d1L/shvab1gXCcrWEAREgNNk9LiowtLuTHBdeOFlJ1u1P1rvdFVKq\n"
- "2a6ft77Q5VltUDKPgTqz4NWH2KUlLfTvwJDnq2DxYsbwVpBDURuUocXhABEBAAG0\n"
- "CVRlc3QgdXNlcoi4BBMBAgAiBQJNgPY5AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe\n"
- "AQIXgAAKCRAMTrFUBnAKMOVDA/9GEw7AokwJSGvHREriXcvMMKp6c6SYqa0TVsTg\n"
- "Gh3ENu/KTfGJIM5p+zR6xy+5u5DfP5qLrRdCnoczncR5w9fn3RsP8ju/Ga5z23Q+\n"
- "6XxRKRkXjE/E0ZFulbuaBom/nhrOmmfqKe7Mor9Y4QwzL2wL3sf6jWLglwdFYS/X\n"
- "W3wqjLkBogRNgPY5EQQApafdUhCAHj8LLXYCqOXRSPZbKzvB55NwWrdvnod0seUW\n"
- "aiTSWBlKnSvIomdcII/E3bjdngK4fTJ+Xr5pEJuzBnW3w787r6jBJSq2Lp0T9SP4\n"
- "CBzd0gXcOQkILvX1VzxAsYVULJA0mhAR3IHFcywjX6ENKuvs7ApniBNoXqi6d3cA\n"
- "oIAzYKrjyZ+guM4IUlRRrB8abx5vBACJPV+d15GYgzt1d8zLvOl/mzs85Twj2SB1\n"
- "ZqzK6H/6QxQkEZpP/UVFpXaUGUly3nGEqg1yw4cgqW4SSxgLFz6B23Si+cTsssE6\n"
- "CYziN1UI6NjxkoG/npMm0wRp7Z+KylEolAdbFBAAprORkt58CrGgpYe8O/35+PWc\n"
- "J9rjhwxxkQP/VCpbZLugkL4XHWGWFGG35S6k9F3xPPTPoX9Zoud+0bOeoOK5RQHo\n"
- "e99sVNN4hxxPTM/rJXfTTZUoB6o84yulTSxb6C9ueHotDV0eB9QX1ov/ltmwy3XS\n"
- "fXEyWtI0CDBuZgEww26Up0pzg4XTBYMkmXrxx3J9ihcCIYyAHoE13EWI5wQYAQIA\n"
- "CQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkRAgAGBQJNgPY5AAoJEPMP1CPBQ+e6\n"
- "3fQAnR7HWLnQTbxCIhlBTZiuJv2HC6cbAJwJ6VsSU6ADCkMuGT3LLNo+UnckK+4i\n"
- "BACcivWsW40ddtEQ0wno1uP65TmKq3aJrdODXTAnqkmNQKL7X7Fz+nmEWiS+LBH8\n"
- "lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZApto5cjem/EnO7op2QwkCCa6oUp0l\n"
- "YA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfszYpFL4VP5wQ==\n"
- "=ydIq\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
-
-const gnutls_datum_t cert = { cert_txt, sizeof(cert_txt) };
-
-static unsigned char key_txt[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "Version: GnuPG v1.4.10 (GNU/Linux)\n"
- "Comment: Test key for GnuTLS\n"
- "\n"
- "lQHYBE2A9jkBBADB5gwbSYovNjW1rmHLxFgmJ8Guxk3M9j2IpGAnKv7eZ5Mm+QX5\n"
- "sZodoabaOy6+XdS/7Ib2m9YFwnK1hAERIDTZPS4qMLS7kxwXXjhZSdbtT9a73RVS\n"
- "qtmun7e+0OVZbVAyj4E6s+DVh9ilJS3078CQ56tg8WLG8FaQQ1EblKHF4QARAQAB\n"
- "AAP9HJePsXZmqg+UW/Ya9bE+TmIObXdQgajN6hhTFXOBocokKNsPxoIp97Sepg+U\n"
- "FP5BIQv/2t2f8bl6sMmGXsAhCqVzRxGuA+9USx8OfTHSdgIKT5T2VFSGJaU4df3Q\n"
- "rstUY3dcvl6VKpDDZic1T7u2ANzaWM2u+pwooKC4cc/k9AECAMNDvrKF3FC7R9sd\n"
- "TagVrrfde0RZuwhbGW9ghslkY893EelXQL/lbBI20crPdrsdDpMe370KO2bQLqwO\n"
- "HGAxIYUCAP41iC7KReYvysLZ34tM55ZFE7BPsMcXUeu6hkYOMDZYvE+x4KV6Umo+\n"
- "Civd4qD9dESR3WOcI9MwALUdNTxQU60B/21MrWjajY1m1vv7l2slJon5eSrH6BkH\n"
- "Aj173uZca8HbgqSF1xOQW8ZGa6KInN3wHe+vPOXAgzlku/4XHgEYVVGeq7QJVGVz\n"
- "dCB1c2VyiLgEEwECACIFAk2A9jkCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA\n"
- "AAoJEAxOsVQGcAow5UMD/0YTDsCiTAlIa8dESuJdy8wwqnpzpJiprRNWxOAaHcQ2\n"
- "78pN8Ykgzmn7NHrHL7m7kN8/moutF0KehzOdxHnD1+fdGw/yO78ZrnPbdD7pfFEp\n"
- "GReMT8TRkW6Vu5oGib+eGs6aZ+op7syiv1jhDDMvbAvex/qNYuCXB0VhL9dbfCqM\n"
- "nQG7BE2A9jkRBAClp91SEIAePwstdgKo5dFI9lsrO8Hnk3Bat2+eh3Sx5RZqJNJY\n"
- "GUqdK8iiZ1wgj8TduN2eArh9Mn5evmkQm7MGdbfDvzuvqMElKrYunRP1I/gIHN3S\n"
- "Bdw5CQgu9fVXPECxhVQskDSaEBHcgcVzLCNfoQ0q6+zsCmeIE2heqLp3dwCggDNg\n"
- "quPJn6C4zghSVFGsHxpvHm8EAIk9X53XkZiDO3V3zMu86X+bOzzlPCPZIHVmrMro\n"
- "f/pDFCQRmk/9RUWldpQZSXLecYSqDXLDhyCpbhJLGAsXPoHbdKL5xOyywToJjOI3\n"
- "VQjo2PGSgb+ekybTBGntn4rKUSiUB1sUEACms5GS3nwKsaClh7w7/fn49Zwn2uOH\n"
- "DHGRA/9UKltku6CQvhcdYZYUYbflLqT0XfE89M+hf1mi537Rs56g4rlFAeh732xU\n"
- "03iHHE9Mz+sld9NNlSgHqjzjK6VNLFvoL254ei0NXR4H1BfWi/+W2bDLddJ9cTJa\n"
- "0jQIMG5mATDDbpSnSnODhdMFgySZevHHcn2KFwIhjIAegTXcRQAAn2PK9kOqhjOJ\n"
- "KU5iaagnF176FwhdCO2I5wQYAQIACQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkR\n"
- "AgAGBQJNgPY5AAoJEPMP1CPBQ+e63fQAniK5kU+dwIbkD+OHJHkC73V6v4D8AJ0Z\n"
- "+GBYj4nhKEX21QXfj55F3Zpg1e4iBACcivWsW40ddtEQ0wno1uP65TmKq3aJrdOD\n"
- "XTAnqkmNQKL7X7Fz+nmEWiS+LBH8lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZA\n"
- "pto5cjem/EnO7op2QwkCCa6oUp0lYA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfsz\n"
- "YpFL4VP5wQ==\n" "=zzoN\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
-
-const gnutls_datum_t key = { key_txt, sizeof(key_txt) };
-
-
-static void client(int sds[])
-{
- int ret, ii, j;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
-
- global_init();
-
- gnutls_global_set_log_function(tls_log_func);
- if (debug)
- gnutls_global_set_log_level(9);
-
- gnutls_certificate_allocate_credentials(&xcred);
-
- /* sets the trusted cas file
- */
- if (debug)
- success("Setting key files...\n");
-
- ret = gnutls_certificate_set_openpgp_key_mem(xcred, &cert, &key,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (ret < 0) {
- fail("Could not set key files...\n");
- return;
- }
-
- for (j = 0; j < SESSIONS; j++) {
- int sd = sds[j];
-
- /* Initialize TLS session
- */
- gnutls_init(&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct(session,
- "NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256:%VERIFY_ALLOW_SIGN_WITH_SHA1", NULL);
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- xcred);
-
- gnutls_transport_set_int(session, sd);
- gnutls_handshake_set_timeout(session, 20 * 1000);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake(session);
-
- if (ret < 0) {
- fail("client: Handshake %d failed\n", j);
- gnutls_perror(ret);
- goto end;
- } else if (debug) {
- success("client: Handshake %d was completed\n", j);
- }
-
- if (debug)
- success("client: TLS version is: %s\n",
- gnutls_protocol_get_name
- (gnutls_protocol_get_version(session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info(session);
-
- gnutls_record_send(session, MSG, strlen(MSG));
-
- ret = gnutls_record_recv(session, buffer, MAX_BUF);
- if (ret == 0) {
- if (debug)
- success
- ("client: Peer has closed the TLS connection\n");
- goto end;
- } else if (ret < 0) {
- fail("client: Error: %s\n", gnutls_strerror(ret));
- goto end;
- }
-
- if (debug) {
- printf("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++) {
- fputc(buffer[ii], stdout);
- }
- fputs("\n", stdout);
- }
-
- gnutls_bye(session, GNUTLS_SHUT_RDWR);
-
- close(sd);
-
- gnutls_deinit(session);
-
- }
-
- end:
-
- gnutls_certificate_free_credentials(xcred);
-
- gnutls_global_deinit();
-}
-
-/* This is a sample TLS 1.0 echo server, using X.509 authentication.
- */
-
-#define MAX_BUF 1024
-#define DH_BITS 1024
-
-/* These are global */
-gnutls_certificate_credentials_t pgp_cred;
-
-static gnutls_session_t initialize_tls_session(void)
-{
- gnutls_session_t session;
-
- gnutls_init(&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256:%VERIFY_ALLOW_SIGN_WITH_SHA1", NULL);
-
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, pgp_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request(session,
- GNUTLS_CERT_REQUEST);
-
- gnutls_dh_set_prime_bits(session, DH_BITS);
-
- return session;
-}
-
-static gnutls_dh_params_t dh_params;
-
-static int generate_dh_params(void)
-{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init(&dh_params);
- return gnutls_dh_params_import_pkcs3(dh_params, &p3,
- GNUTLS_X509_FMT_PEM);
-}
-
-int err, ret;
-char topbuf[512];
-gnutls_session_t session;
-char buffer[MAX_BUF + 1];
-int optval = 1;
-
-static unsigned char server_crt_txt[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.4.6 (GNU/Linux)\n"
- "\n"
- "mNEER2PogwEGINdIR4u5PR4SwADWwj/ztgtoi7XVbmlfbQTHpBYFxTSC88pISSNy\n"
- "V/rgnlqunYP77F7aHL4KUReN3v9sKw01xSGEfox/JmlqUUg6CVvTjdeLfkuVIBnH\n"
- "j+2KMlaxezp7IxtPaTXpXcSf8iOuVq7UX7p6tKbppKXO5GgmfA88VUVvGBs1/PQp\n"
- "WKQdGrj+6I3RRmDN/hna1jGU/N23230Hbx+bu7g9cviiSh10ri7rdDhVJ67tRkRG\n"
- "Usy3XO6dWC7EmzZlEO8AEQEAAbQQdGVzdDMuZ251dGxzLm9yZ4kBAAQTAQIAJgUC\n"
- "R2PogwIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEKAh4/gImZBR\n"
- "96QGH3E3zynETuQS3++hGMvMXq2mDJeT2e8964y/ifIOBpr2K2isuLYnrtGKyxi+\n"
- "ZptyHv6ymR3bDvio50cjnoT/WK1onosOJvtijGBS+U/ooq3im7ExpeQYXc/zpYsX\n"
- "OmB5m6BvdomUp2PMqdxsmOPoaRkSYx5R2Rlo/z3csodl6sp3k465Y/jg7L4gkxDz\n"
- "XJM+CS1xMhcOF0gBhppqLnG67x0ow847Pydstzkw0sOqedkLPuScaHNnlAWQ7QH6\n"
- "mbbpqHJwekS4jQRHiKV8AQQA0iZ81WXypLI4ZE2+hYfBCnfMVfQF/vPgvASxhwri\n"
- "GDa9Zc2f/VfakfNiwZgHH6iCeppHBiP2jljnbuOsL6f1R+0FsnyTVwHbuEU7IU2y\n"
- "+J0/s0z3wcx9sx8T7brP5z5F2hdagBsD9YFGCifHDAEew4mmAisY0i2QHVIuXJFj\n"
- "4RMAEQEAAYkBhwQYAQIADwUCR4ilfAIbAgUJEOrPgACoCRCgIeP4CJmQUZ0gBBkB\n"
- "AgAGBQJHiKV8AAoJEIN7b7QuD+F2AEcEAKAjhO9kSOE8UuwEOKlwsWL9LUUSkHJj\n"
- "c/ca0asLAerzrHsldRAcwCbWkVxBBHySw2CLFjzpgdXhwRtsytMgHaapfAPbinAW\n"
- "jCPIEJx2gDZeZnTgi4DVbZn5E3UzHGyL69MEoXr5t+vpiemQFd/nGD+h/Q2A76od\n"
- "gvAryRvS1Soj8bcGHjUflayXGOSvaD8P2V5Vz0hS82QZcqWxD8qUBqbcB8atokmO\n"
- "IYxhKyRmO58T5Ma+iaxBTUIwee+pBYDgdH6E2dh9xLlwwzZKaCcIRCQcObkLsMVo\n"
- "fZJo+m0Xf8zI57NeQF+hXJhW7lIrWgQVr8IVp/lgo76acLHfL/t1n0Nhg4r2srz2\n"
- "fpP2w5laQ0qImYLnZhGFHU+rJUyFaHfhD8/svN2LuZkO570pjV/K68EaHnEfk5b8\n"
- "jWu/euohwcCwf20M1kTo3Bg=\n"
- "=Xjon\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
-const gnutls_datum_t server_crt =
- { server_crt_txt, sizeof(server_crt_txt) };
-
-static unsigned char server_key_txt[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "Version: GnuPG v1.4.6 (GNU/Linux)\n"
- "\n"
- "lQLGBEdj6IMBBiDXSEeLuT0eEsAA1sI/87YLaIu11W5pX20Ex6QWBcU0gvPKSEkj\n"
- "clf64J5arp2D++xe2hy+ClEXjd7/bCsNNcUhhH6MfyZpalFIOglb043Xi35LlSAZ\n"
- "x4/tijJWsXs6eyMbT2k16V3En/Ijrlau1F+6erSm6aSlzuRoJnwPPFVFbxgbNfz0\n"
- "KVikHRq4/uiN0UZgzf4Z2tYxlPzdt9t9B28fm7u4PXL4okoddK4u63Q4VSeu7UZE\n"
- "RlLMt1zunVguxJs2ZRDvABEBAAEABhwMx6crpb75ko5gXl9gsYSMj9O/YyCvU7Fi\n"
- "l8FnZ0dKMz3qs7jXyFlttLjh1DzYkXN6PAN5yp3+wnbK/e5eVeNSdo2WpJOwrVWO\n"
- "7pcQovHoKklAjmU98olaRhpv6BBTK+0tGUFaRrmrrYuz2xnwf3+kIpt4ahYW2dr9\n"
- "B+/pvBSVC/sv2+3PEQSsXlWCYVgkQ7WBN4GQdyjjxhQpcWdf8Z6unx4zuS3s7GGM\n"
- "4WaDxmDNCFlTGdrKPQeogtS3LVF9OiRCOvIlAxDmDvnC3zAwO/IvDUHFED9x9hmK\n"
- "MeVwCg8rwDMptVYN2hm+bjNzjV4pimUVd+w7edjEky0Jd/6tTH01CBUWxs9Pfup2\n"
- "cQ9zkYcVz1bwcoqeyRzFCJgi6PiVT38QFEvyusoVkwMQ747D6p7y+R52MEcIvcLb\n"
- "lBXhRviz3rW+Sch4+ohUPvBU41saM5B6UcOmhdPfdvPriI4qXwFxusGWt98NN3aW\n"
- "Ns2/L9kMX/SWnN6Elfj5hrrExDZ2CE60uuvfj+O/uXfO8LUDENE4vQrC399KLbJw\n"
- "uCaqjqLysYA9EY/Nv8RFGkk1UM4ViW8v1/95D95F9WqochSYH8Phr3br0chDxofb\n"
- "rnm6dUPE8uiriNaKWdoiUNSuvumh9lVixmRI923+4imu3scq+rlJAZ20EHRlc3Qz\n"
- "LmdudXRscy5vcmeJAQAEEwECACYFAkdj6IMCGwMFCQlmAYAGCwkIBwMCBBUCCAME\n"
- "FgIDAQIeAQIXgAAKCRCgIeP4CJmQUfekBh9xN88pxE7kEt/voRjLzF6tpgyXk9nv\n"
- "PeuMv4nyDgaa9itorLi2J67RissYvmabch7+spkd2w74qOdHI56E/1itaJ6LDib7\n"
- "YoxgUvlP6KKt4puxMaXkGF3P86WLFzpgeZugb3aJlKdjzKncbJjj6GkZEmMeUdkZ\n"
- "aP893LKHZerKd5OOuWP44Oy+IJMQ81yTPgktcTIXDhdIAYaaai5xuu8dKMPOOz8n\n"
- "bLc5MNLDqnnZCz7knGhzZ5QFkO0B+pm26ahycHpEnQHXBEeIpXwBBADSJnzVZfKk\n"
- "sjhkTb6Fh8EKd8xV9AX+8+C8BLGHCuIYNr1lzZ/9V9qR82LBmAcfqIJ6mkcGI/aO\n"
- "WOdu46wvp/VH7QWyfJNXAdu4RTshTbL4nT+zTPfBzH2zHxPtus/nPkXaF1qAGwP1\n"
- "gUYKJ8cMAR7DiaYCKxjSLZAdUi5ckWPhEwARAQABAAP3QKGVoNi52HXEN3ttUCyB\n"
- "Q1CDurh0MLDQoHomY3MGfI4VByk2YKMb2el4IJqyHrUbBYjTpHY31W2CSIdWfoTU\n"
- "DIik49CQaUpR13dJXEiG4d+nyETFutEalTQI4hMjABD9l1XvZP7Ll3YWmqN8Cam5\n"
- "JY23YAy2Noqbc3AcEut4+QIA1zcv8EU1QVqOwjSybRdm6HKK/A2bMqnITeUR/ikm\n"
- "IuU4lhijm/d1qS6ZBehRvvYa9MY4V7BGEQLWSlyc5aYJ/wIA+fmRv0lHSs78QSUg\n"
- "uRbNv6Aa6CXEOXmG+TpIaf/RWrPmBpdG8AROBVo1wmwG8oQaIjeX3RjKXfL3HTDD\n"
- "CxNg7QIA06tApdo2j1gr3IrroUwQ7yvi56ELB1Lv+W3WLN8lzCfQ6Fs+7IJRrC2R\n"
- "0uzLMGOsSORGAFIbAuLIMpc6rHCeS50hiQGHBBgBAgAPBQJHiKV8AhsCBQkQ6s+A\n"
- "AKgJEKAh4/gImZBRnSAEGQECAAYFAkeIpXwACgkQg3tvtC4P4XYARwQAoCOE72RI\n"
- "4TxS7AQ4qXCxYv0tRRKQcmNz9xrRqwsB6vOseyV1EBzAJtaRXEEEfJLDYIsWPOmB\n"
- "1eHBG2zK0yAdpql8A9uKcBaMI8gQnHaANl5mdOCLgNVtmfkTdTMcbIvr0wShevm3\n"
- "6+mJ6ZAV3+cYP6H9DYDvqh2C8CvJG9LVKiPxtwYeNR+VrJcY5K9oPw/ZXlXPSFLz\n"
- "ZBlypbEPypQGptwHxq2iSY4hjGErJGY7nxPkxr6JrEFNQjB576kFgOB0foTZ2H3E\n"
- "uXDDNkpoJwhEJBw5uQuwxWh9kmj6bRd/zMjns15AX6FcmFbuUitaBBWvwhWn+WCj\n"
- "vppwsd8v+3WfQ2GDivayvPZ+k/bDmVpDSoiZgudmEYUdT6slTIVod+EPz+y83Yu5\n"
- "mQ7nvSmNX8rrwRoecR+TlvyNa7966iHBwLB/bQzWROjcGA==\n"
- "=mZnW\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
-const gnutls_datum_t server_key =
- { server_key_txt, sizeof(server_key_txt) };
-
-static unsigned char cert2048_txt[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.4.10 (GNU/Linux)\n"
- "Comment: Test key for GnuTLS\n"
- "\n"
- "mQMuBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
- "wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
- "NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
- "BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
- "XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
- "u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
- "4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
- "i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
- "XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
- "fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
- "iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
- "ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
- "T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
- "NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
- "fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
- "E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
- "GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
- "V7QJbG9jYWxob3N0iHoEExEIACIFAk1/6bQCGyMGCwkIBwMCBhUIAgkKCwQWAgMB\n"
- "Ah4BAheAAAoJEHv/KcoLO9+4imwA/3z+QK0W9yffh/yFKRYYyfyLyF+q/ECKhXn8\n"
- "fb4TUc9CAP9fGN3pHujv2Upk9d3igY2w7jIuO78PA8dRfIKs5QEXFrkDLgRNf+m0\n"
- "EQgAqJc+Kyx+F5Ol4nTQlddVhw0sLUeM+bOWvxIiZUSjkwFQ4Qu32a1JelJ8ne12\n"
- "pBIwvXA9/oa/JyDh14iFoxO4u1aBJUheVo0yeRupjo92gU6bwbLTZHJlTqRo0vne\n"
- "dYpPCnVez5CNSJB9TMugZLygG4/WO3zcBjLgkR/wrebb3tKAmS/RMUuBpFxGjNnL\n"
- "MZOzCqB4LPFQECErOWpg6ddwLXwtP4VjaBE9RYP1uVP1Bhyc28LMQjQW1l5vzVcN\n"
- "0DQmyBA6WX2QBeiVrALrxGq1CdcACIyYw6zzch6J2pB5IumH+IOHQMc4r67dZjIS\n"
- "ISS8T9Xit251J0ssilw4m3rZzwEApK4jhYn2R1KS2ihLlb+7h01YVcUA1sG6Kj4s\n"
- "Oxk3zlEH/RWZurelE5gMT6M3GGe6WTkE1PEBtlnvZvMQu+rllxe/rIQkp5JkHOjP\n"
- "tEX/Wi68ET7yMKDjIQq9joFnRI70scPf3a2MHwc0OL7PGdf13PUmUwOwlqcP4Rme\n"
- "kA2MpDDl9Qn9pT40fUZLoR0lVusJNbrC8fW9MIcg/JAFp7U/zxnbZUESTF0+k486\n"
- "bF6q5QK4kaHjoUOvzX0encs+0xY7tAY+cSgQkn37z2G/K5OUMQXUQ7hQ+LRvQNM/\n"
- "qXRjwsBuW+4D+4bglGLJxT9PINiZ8cgbfCF6E9B+QmsY7KSVYYB955LsCi+8G/tq\n"
- "wdmHDYAKV9OXZfb54UKqLh3R0JkdMpEH/0rPbsxhwFXLE+ixAs5HTu0ILXwj6uCR\n"
- "9PGBR6skB8ONfaXAtq+92O/4aegCxbC9SNWuTvYBKkBdMGSGcO7LwvwjUA2kujEV\n"
- "66In56DCQJS+K19AR+fRYPro8+MavAQlirEK1uOjidoKykVziqO7B6Z4DAaZZBDP\n"
- "h8HwYANauwlfapGuZ5/rLPNCFi5VEJjX/9t0ECCgPOOEK8qWA5ljw35K6W/3CVX7\n"
- "hKNflAx1BGBr0GfrJo/EsneeBEsKPk/hge5uPr+wkDqdXq/7qxCSHhT3OQpiOW65\n"
- "dyBX/44XAVQaWtf6DJc84nWDYsCgscEZzGAUyBY8Fw9S7We5OFLNcYWIwQQYEQgA\n"
- "CQUCTX/ptAIbIgBqCRB7/ynKCzvfuF8gBBkRCAAGBQJNf+m0AAoJEEPv0WrPxcc9\n"
- "aJwA/0zWQ0RfRhlC1nbf7ISEOF36WQjslGKXjf6z6rSNgphoAP4119FDX9jaW0B8\n"
- "HL9p+XRZTOTSo5GMLUTH5zo+zpTbB2cxAP9moc/i1z2D8AXTnUk7YfSm+o7rFThu\n"
- "2Cx0oO7h1g0MjQD6A/6e68DhK9altb/xqtHeG0jbLmvFRtkC0zu7WZjvSbc=\n"
- "=v3gg\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
-
-const gnutls_datum_t cert2048 = { cert2048_txt, sizeof(cert2048_txt) };
-
-static unsigned char key2048_txt[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "Version: GnuPG v1.4.10 (GNU/Linux)\n"
- "Comment: Test key for GnuTLS\n"
- "\n"
- "lQNTBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
- "wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
- "NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
- "BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
- "XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
- "u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
- "4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
- "i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
- "XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
- "fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
- "iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
- "ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
- "T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
- "NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
- "fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
- "E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
- "GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
- "VwAA/RnOgKKKmJo6d4E+mAa0Pl1QKayWKgSsDoww0kUoUTgHDU20CWxvY2FsaG9z\n"
- "dIh6BBMRCAAiBQJNf+m0AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB7\n"
- "/ynKCzvfuIpsAP98/kCtFvcn34f8hSkWGMn8i8hfqvxAioV5/H2+E1HPQgD/Xxjd\n"
- "6R7o79lKZPXd4oGNsO4yLju/DwPHUXyCrOUBFxadA1METX/ptBEIAKiXPissfheT\n"
- "peJ00JXXVYcNLC1HjPmzlr8SImVEo5MBUOELt9mtSXpSfJ3tdqQSML1wPf6Gvycg\n"
- "4deIhaMTuLtWgSVIXlaNMnkbqY6PdoFOm8Gy02RyZU6kaNL53nWKTwp1Xs+QjUiQ\n"
- "fUzLoGS8oBuP1jt83AYy4JEf8K3m297SgJkv0TFLgaRcRozZyzGTswqgeCzxUBAh\n"
- "KzlqYOnXcC18LT+FY2gRPUWD9blT9QYcnNvCzEI0FtZeb81XDdA0JsgQOll9kAXo\n"
- "lawC68RqtQnXAAiMmMOs83IeidqQeSLph/iDh0DHOK+u3WYyEiEkvE/V4rdudSdL\n"
- "LIpcOJt62c8BAKSuI4WJ9kdSktooS5W/u4dNWFXFANbBuio+LDsZN85RB/0Vmbq3\n"
- "pROYDE+jNxhnulk5BNTxAbZZ72bzELvq5ZcXv6yEJKeSZBzoz7RF/1ouvBE+8jCg\n"
- "4yEKvY6BZ0SO9LHD392tjB8HNDi+zxnX9dz1JlMDsJanD+EZnpANjKQw5fUJ/aU+\n"
- "NH1GS6EdJVbrCTW6wvH1vTCHIPyQBae1P88Z22VBEkxdPpOPOmxequUCuJGh46FD\n"
- "r819Hp3LPtMWO7QGPnEoEJJ9+89hvyuTlDEF1EO4UPi0b0DTP6l0Y8LAblvuA/uG\n"
- "4JRiycU/TyDYmfHIG3whehPQfkJrGOyklWGAfeeS7AovvBv7asHZhw2AClfTl2X2\n"
- "+eFCqi4d0dCZHTKRB/9Kz27MYcBVyxPosQLOR07tCC18I+rgkfTxgUerJAfDjX2l\n"
- "wLavvdjv+GnoAsWwvUjVrk72ASpAXTBkhnDuy8L8I1ANpLoxFeuiJ+egwkCUvitf\n"
- "QEfn0WD66PPjGrwEJYqxCtbjo4naCspFc4qjuwemeAwGmWQQz4fB8GADWrsJX2qR\n"
- "rmef6yzzQhYuVRCY1//bdBAgoDzjhCvKlgOZY8N+Sulv9wlV+4SjX5QMdQRga9Bn\n"
- "6yaPxLJ3ngRLCj5P4YHubj6/sJA6nV6v+6sQkh4U9zkKYjluuXcgV/+OFwFUGlrX\n"
- "+gyXPOJ1g2LAoLHBGcxgFMgWPBcPUu1nuThSzXGFAAEAgj6e0tgxENBORrJkBCl6\n"
- "xfV6iTNXa3HDArTNTyURRzEN0YjBBBgRCAAJBQJNf+m0AhsiAGoJEHv/KcoLO9+4\n"
- "XyAEGREIAAYFAk1/6bQACgkQQ+/Ras/Fxz1onAD/W3lWDopZrH9R66tiyjYOX4sV\n"
- "b1SoPlKRJngsHouxc4oA/RYoFGrhoY+nL22eza/Ku/SUnVrufZ/jIvQakhpmrLD/\n"
- "ZzEBAJ1w0ez3wUJbsfGlWBkb16pYpIh68/qvTTj84v5N0picAQC1p8JjouN88BJw\n"
- "9UquUquXdK1TY965biHIQ70uaOU4Hw==\n"
- "=Rrkw\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
-
-const gnutls_datum_t key2048 = { key2048_txt, sizeof(key2048_txt) };
-
-
-static void server(int sds[])
-{
- int j;
- /* this must be called once in the program
- */
- global_init();
-
- gnutls_global_set_log_function(tls_log_func);
- if (debug)
- gnutls_global_set_log_level(5);
-
- if (debug)
- success("Launched, setting DH parameters...\n");
-
- generate_dh_params();
-
- for (j = 0; j < SESSIONS; j++) {
- int sd = sds[j];
-
- if (j == 0) {
- gnutls_certificate_allocate_credentials(&pgp_cred);
- ret =
- gnutls_certificate_set_openpgp_key_mem2
- (pgp_cred, &server_crt, &server_key, "auto",
- GNUTLS_OPENPGP_FMT_BASE64);
- } else {
- gnutls_certificate_free_credentials(pgp_cred);
- gnutls_certificate_allocate_credentials(&pgp_cred);
- ret =
- gnutls_certificate_set_openpgp_key_mem2
- (pgp_cred, &cert2048, &key2048, "auto",
- GNUTLS_OPENPGP_FMT_BASE64);
- }
-
- if (ret < 0) {
- fail("Could not set server key files...\n");
- goto end;
- }
-
- gnutls_certificate_set_dh_params(pgp_cred, dh_params);
-
- session = initialize_tls_session();
-
- gnutls_transport_set_int(session, sd);
- gnutls_handshake_set_timeout(session, 20 * 1000);
-
- ret = gnutls_handshake(session);
- if (ret < 0) {
- close(sd);
- gnutls_deinit(session);
- fail("server: Handshake %d has failed (%s)\n\n",
- j, gnutls_strerror(ret));
- goto end;
- }
- if (debug)
- success("server: Handshake %d was completed\n", j);
-
- if (debug)
- success("server: TLS version is: %s\n",
- gnutls_protocol_get_name
- (gnutls_protocol_get_version(session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info(session);
-
- for (;;) {
- memset(buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv(session, buffer, MAX_BUF);
-
- if (ret == 0) {
- if (debug)
- success
- ("server: Peer has closed the GnuTLS connection\n");
- break;
- } else if (ret < 0) {
- fail("server: Received corrupted data(%d). Closing...\n", ret);
- goto end;
- } else if (ret > 0) {
- /* echo data back to the client
- */
- gnutls_record_send(session, buffer,
- strlen(buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye(session, GNUTLS_SHUT_WR);
-
- close(sd);
- gnutls_deinit(session);
- }
-
- end:
- gnutls_certificate_free_credentials(pgp_cred);
-
- gnutls_dh_params_deinit(dh_params);
-
- gnutls_global_deinit();
-
- if (debug)
- success("server: finished\n");
-}
-
-void doit(void)
-{
- int client_sds[SESSIONS], server_sds[SESSIONS];
- int i;
-
- for (i = 0; i < SESSIONS; i++) {
- int sockets[2];
-
- err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1) {
- perror("socketpair");
- fail("socketpair failed\n");
- return;
- }
-
- server_sds[i] = sockets[0];
- client_sds[i] = sockets[1];
- }
-
- child = fork();
- if (child < 0) {
- perror("fork");
- fail("fork");
- return;
- }
-
- if (child) {
- int status;
- /* parent */
- server(server_sds);
- wait(&status);
- } else
- client(client_sds);
-}
-
-#endif /* _WIN32 */
diff --git a/tests/priority-set.c b/tests/priority-set.c
index ccbd3955d9..63f61dd01d 100644
--- a/tests/priority-set.c
+++ b/tests/priority-set.c
@@ -112,7 +112,7 @@ void doit(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(client, "NORMAL", NULL)>=0);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
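Review bot: The new `assert(gnutls_priority_set_direct(client, "NORMAL", NULL)>=0);` puts a call with side effects inside assert(), so a build with NDEBUG defined compiles the call away and the client session never receives its priority string. The context lines just above already use the file's own pattern, so the safer form is `ret = gnutls_priority_set_direct(client, "NORMAL", NULL);` followed by `if (ret < 0) exit(1);`. This hunk also does not show `<assert.h>` being included in priority-set.c, so confirm the header is already there. The same assert-wrapped call is introduced in the psk-file.c, record-timeouts.c, recv-data-before-handshake.c, rsa-psk-cb.c, send-client-cert.c, send-data-before-handshake.c, server-sign-md5-rep.c and session-export-funcs.c hunks. doit() starts and ends outside this hunk.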
diff --git a/tests/psk-file.c b/tests/psk-file.c
index b592cc3f6c..ee6f8c533e 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -47,6 +47,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#endif
#include <unistd.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
@@ -64,7 +65,7 @@ static void tls_log_func(int level, const char *str)
#define MAX_BUF 1024
#define MSG "Hello TLS"
-static void client(int sd, const char *user)
+static void client(int sd, const char *prio, const char *user, unsigned expect_fail)
{
int ret, ii;
gnutls_session_t session;
@@ -90,7 +91,7 @@ static void client(int sd, const char *user)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+PSK", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
/* put the anonymous credentials to the current session
*/
@@ -103,7 +104,8 @@ static void client(int sd, const char *user)
ret = gnutls_handshake(session);
if (ret < 0) {
- fail("client: Handshake failed\n");
+ if (!expect_fail)
+ fail("client: Handshake failed\n");
gnutls_perror(ret);
goto end;
} else {
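Review bot: With expect_fail set, a client handshake that unexpectedly succeeds is not reported anywhere in the visible lines, because the new `if (!expect_fail)` guard only silences the failure path. The `else` branch continues outside the hunk, so this may already be handled there. If it is not, the negative case for the "non-hex" user depends entirely on the server side noticing an accepted key. Adding `if (expect_fail) fail("client: handshake succeeded unexpectedly\n");` at the top of the else branch would make the client assert the expected outcome itself.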
@@ -157,13 +159,13 @@ static void client(int sd, const char *user)
#define MAX_BUF 1024
-static void server(int sd, const char *user, unsigned expect_fail)
+static void server(int sd, const char *prio, const char *user, unsigned expect_fail)
{
-gnutls_psk_server_credentials_t server_pskcred;
-int ret;
-gnutls_session_t session;
-char buffer[MAX_BUF + 1];
-char *psk_file = getenv("PSK_FILE");
+ gnutls_psk_server_credentials_t server_pskcred;
+ int ret;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ char *psk_file = getenv("PSK_FILE");
/* this must be called once in the program
*/
@@ -188,10 +190,7 @@ char *psk_file = getenv("PSK_FILE");
gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+PSK", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
@@ -252,12 +251,14 @@ char *psk_file = getenv("PSK_FILE");
}
static
-void run_test(const char *user, unsigned expect_fail)
+void run_test(const char *prio, const char *user, unsigned expect_fail)
{
pid_t child;
int err;
int sockets[2];
+ success("trying %s / user:%s\n", prio, user);
+
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
if (err == -1) {
perror("socketpair");
@@ -276,18 +277,22 @@ void run_test(const char *user, unsigned expect_fail)
close(sockets[1]);
int status;
/* parent */
- server(sockets[0], user, expect_fail);
+ server(sockets[0], prio, user, expect_fail);
wait(&status);
+ check_wait_status(status);
} else {
close(sockets[0]);
- client(sockets[1], user);
+ client(sockets[1], prio, user, expect_fail);
+ exit(0);
}
}
void doit(void)
{
- run_test("jas", 0);
- run_test("non-hex", 1);
+ run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", "jas", 0);
+ run_test("NORMAL:-KX-ALL:+PSK", "jas", 0);
+ run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", "non-hex", 1);
+ run_test("NORMAL:-KX-ALL:+PSK", "non-hex", 1);
}
#endif /* _WIN32 */
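Review bot: The added `check_wait_status(status);` reads `status` even when `wait(&status)` fails, since the return value of wait() is ignored and `int status;` is never initialised. In that case the exit status of the child, which now carries the client-side verdict through `exit(0)`, is replaced by indeterminate data. Declaring `int status = 0;` and using `if (waitpid(child, &status, 0) < 0) fail("waitpid failed\n");` would match what recv-data-before-handshake.c does in this same commit. The same wait()/check_wait_status() pair is added in the pskself.c, rsa-psk-cb.c and rsa-psk.c hunks.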
diff --git a/tests/pskself.c b/tests/pskself.c
index 9a2190587c..293cb59561 100644
--- a/tests/pskself.c
+++ b/tests/pskself.c
@@ -297,10 +297,14 @@ void run_test(const char *prio)
if (child) {
int status;
/* parent */
+ close(sockets[1]);
server(sockets[0], prio);
wait(&status);
+ check_wait_status(status);
} else {
+ close(sockets[0]);
client(sockets[1], prio);
+ exit(0);
}
}
@@ -308,6 +312,10 @@ void doit(void)
{
generate_dh_params();
+ run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK");
+ run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK");
+ run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK");
+
run_test("NORMAL:-KX-ALL:+PSK");
run_test("NORMAL:-KX-ALL:+ECDHE-PSK");
run_test("NORMAL:-KX-ALL:+DHE-PSK");
diff --git a/tests/record-timeouts.c b/tests/record-timeouts.c
index 9e82c460f2..fd9a9994fd 100644
--- a/tests/record-timeouts.c
+++ b/tests/record-timeouts.c
@@ -28,8 +28,10 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "eagain-common.h"
+#include "cert-common.h"
#include "utils.h"
@@ -65,22 +67,21 @@ static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
#define MAX_VALS 4
static const int vals[MAX_VALS] = {0, 1000, 5000, GNUTLS_INDEFINITE_TIMEOUT};
-void doit(void)
+static void start(const char *prio)
{
/* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 =
- { (unsigned char *) pkcs3, strlen(pkcs3) };
- static gnutls_dh_params_t dh_params;
+ gnutls_certificate_credentials_t serverx509cred;
gnutls_session_t server;
int sret = GNUTLS_E_AGAIN;
/* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_certificate_credentials_t clientx509cred;
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN, i;
/* Need to enable anonymous KX specifically. */
int transferred = 0;
+ success("trying %s\n", prio);
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
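Review bot: The context comment `/* Need to enable anonymous KX specifically. */` above `int transferred = 0;` is stale after this change, because start() now uses certificate credentials and takes its priority string from the caller. It should be removed or replaced with something like `/* prio selects the protocol versions under test */`. A short comment on start() saying that it runs the record-timeout check once per priority string would also help, as doit() is now only a driver. start() continues outside this hunk.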
@@ -88,26 +89,26 @@ void doit(void)
gnutls_global_set_log_level(4711);
/* Init server */
- gnutls_anon_allocate_server_credentials(&s_anoncred);
- gnutls_dh_params_init(&dh_params);
- gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+
gnutls_init(&server, GNUTLS_SERVER);
- gnutls_priority_set_direct(server,
- "NORMAL:+ANON-DH:+ANON-ECDH",
- NULL);
- gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ assert(gnutls_priority_set_direct(server, prio, NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
/* Init client */
- gnutls_anon_allocate_client_credentials(&c_anoncred);
+ assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0);
gnutls_init(&client, GNUTLS_CLIENT);
- gnutls_priority_set_direct(client,
- "NORMAL:+ANON-DH:+ANON-ECDH",
- NULL);
- gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ assert(gnutls_priority_set_direct(client, prio, NULL) >= 0);
+ assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred)>=0);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_pull_timeout_function(client, pull_timeout_func);
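Review bot: The server-side `gnutls_certificate_allocate_credentials(&serverx509cred);` and `gnutls_certificate_set_x509_key_mem(...)` calls ignore their return values, while the client-side calls a few lines below are checked. A key or certificate from cert-common.h that fails to load would therefore only show up later as an unrelated handshake error. Capturing the result in a local and failing early, e.g. `int r = gnutls_certificate_set_x509_key_mem(serverx509cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM);` then `if (r < 0) fail("could not load server key\n");`, makes the failure point to its cause. The body of start() begins and ends outside this hunk.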
@@ -146,11 +147,16 @@ void doit(void)
gnutls_deinit(client);
gnutls_deinit(server);
- gnutls_anon_free_client_credentials(c_anoncred);
- gnutls_anon_free_server_credentials(s_anoncred);
-
- gnutls_dh_params_deinit(dh_params);
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
gnutls_global_deinit();
+ reset_buffers();
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
diff --git a/tests/recv-data-before-handshake.c b/tests/recv-data-before-handshake.c
index 27dda811bf..0aedfca47b 100644
--- a/tests/recv-data-before-handshake.c
+++ b/tests/recv-data-before-handshake.c
@@ -46,6 +46,7 @@ int main()
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <signal.h>
+#include <assert.h>
#include "cert-common.h"
#include "utils.h"
@@ -93,7 +94,7 @@ static int handshake_callback(gnutls_session_t session, unsigned int htype,
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -112,10 +113,9 @@ static void client(int fd)
/* Initialize TLS session
*/
- gnutls_init(&session, GNUTLS_CLIENT);
+ assert(gnutls_init(&session, GNUTLS_CLIENT)>=0);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY,
GNUTLS_HOOK_PRE,
@@ -190,7 +190,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -212,12 +212,12 @@ static void server(int fd)
&server_key,
GNUTLS_X509_FMT_PEM);
- gnutls_init(&session, GNUTLS_SERVER);
+ assert(gnutls_init(&session, GNUTLS_SERVER)>=0);
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
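Review bot: The retained comment "avoid calling all the priority functions, since the defaults are adequate" no longer describes the line below it, which now applies the caller-supplied `prio` rather than a default. The commit removes this same comment in psk-file.c and send-data-before-handshake.c, so it should go here too, or become `/* prio is chosen by the caller so each protocol version is exercised */`. Similar leftover comments ("Use default priorities", "the defaults are adequate") remain in the rsa-psk-cb.c, rsa-psk.c and server-sign-md5-rep.c hunks, where the string is now pinned to TLS 1.2. server() continues outside this hunk.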
@@ -261,11 +261,13 @@ static void ch_handler(int sig)
return;
}
-void doit(void)
+static
+void start(const char *prio)
{
int fd[2];
int ret, status = 0;
+ success("trying %s\n", prio);
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
@@ -285,14 +287,21 @@ void doit(void)
if (child) {
/* parent */
close(fd[1]);
- client(fd[0]);
+ client(fd[0], prio);
waitpid(child, &status, 0);
check_wait_status(status);
} else {
close(fd[0]);
- server(fd[1]);
+ server(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/rehandshake-ext-secret.c b/tests/rehandshake-ext-secret.c
index 86d269d4b2..4532f306bf 100644
--- a/tests/rehandshake-ext-secret.c
+++ b/tests/rehandshake-ext-secret.c
@@ -73,7 +73,7 @@ static void try(unsigned onclient)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
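Review bot: Nothing in this file records why both sessions are pinned to `-VERS-ALL:+VERS-TLS1.2`, and the literal is repeated in four calls across this hunk and the next two. Presumably the reason is that the test exercises gnutls_rehandshake(), which has no TLS 1.3 equivalent. A single definition such as `#define PRIO_TLS12 "NORMAL:-VERS-ALL:+VERS-TLS1.2" /* rehandshake is only defined up to TLS 1.2 */` would state that once, and the later calls could use `PRIO_TLS12 ":%NO_SESSION_HASH"`. The same unexplained pin is added in the rehandshake-switch-cert*.c, rehandshake-switch-psk-id.c and rehandshake-switch-srp-id.c hunks. try() starts and ends outside this hunk.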
@@ -83,7 +83,7 @@ static void try(unsigned onclient)
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -107,9 +107,9 @@ static void try(unsigned onclient)
}
if (onclient)
- gnutls_priority_set_direct(client, "NORMAL:%NO_SESSION_HASH", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_SESSION_HASH", NULL);
else
- gnutls_priority_set_direct(server, "NORMAL:%NO_SESSION_HASH", NULL);
+ gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_SESSION_HASH", NULL);
sret = gnutls_rehandshake(server);
if (debug) {
diff --git a/tests/rehandshake-switch-cert-allow.c b/tests/rehandshake-switch-cert-allow.c
index a31597e5f1..c657078689 100644
--- a/tests/rehandshake-switch-cert-allow.c
+++ b/tests/rehandshake-switch-cert-allow.c
@@ -84,7 +84,7 @@ static void try(void)
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -109,7 +109,7 @@ static void try(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL:-KX-ALL:+RSA", NULL);
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL);
if (ret < 0)
exit(1);
diff --git a/tests/rehandshake-switch-cert-client-allow.c b/tests/rehandshake-switch-cert-client-allow.c
index 367fda8c58..a95be20929 100644
--- a/tests/rehandshake-switch-cert-client-allow.c
+++ b/tests/rehandshake-switch-cert-client-allow.c
@@ -81,7 +81,7 @@ static void try(void)
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -122,7 +122,7 @@ static void try(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL:-KX-ALL:+RSA", NULL);
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL);
if (ret < 0)
exit(1);
diff --git a/tests/rehandshake-switch-cert-client.c b/tests/rehandshake-switch-cert-client.c
index 7c28a2fa96..b6e17bc4de 100644
--- a/tests/rehandshake-switch-cert-client.c
+++ b/tests/rehandshake-switch-cert-client.c
@@ -81,7 +81,7 @@ static void try(void)
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -122,7 +122,7 @@ static void try(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL:-KX-ALL:+RSA", NULL);
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL);
if (ret < 0)
exit(1);
diff --git a/tests/rehandshake-switch-cert.c b/tests/rehandshake-switch-cert.c
index bb71e620e5..c4c2c6c1dc 100644
--- a/tests/rehandshake-switch-cert.c
+++ b/tests/rehandshake-switch-cert.c
@@ -84,7 +84,7 @@ static void try(void)
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -109,7 +109,7 @@ static void try(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL:-KX-ALL:+RSA", NULL);
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL);
if (ret < 0)
exit(1);
diff --git a/tests/rehandshake-switch-psk-id.c b/tests/rehandshake-switch-psk-id.c
index ebe4c10eed..c8beec13f1 100644
--- a/tests/rehandshake-switch-psk-id.c
+++ b/tests/rehandshake-switch-psk-id.c
@@ -173,19 +173,19 @@ void doit(void)
global_init();
/* Allow change of ID */
- try("NORMAL:-KX-ALL:+PSK", GNUTLS_KX_PSK, 0);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", GNUTLS_KX_PSK, 0);
reset_buffers();
- try("NORMAL:-KX-ALL:+DHE-PSK", GNUTLS_KX_DHE_PSK, 0);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", GNUTLS_KX_DHE_PSK, 0);
reset_buffers();
- try("NORMAL:-KX-ALL:+ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, 0);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, 0);
reset_buffers();
/* Prohibit (default) change of ID */
- try("NORMAL:-KX-ALL:+PSK", GNUTLS_KX_PSK, 1);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", GNUTLS_KX_PSK, 1);
reset_buffers();
- try("NORMAL:-KX-ALL:+DHE-PSK", GNUTLS_KX_DHE_PSK, 1);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", GNUTLS_KX_DHE_PSK, 1);
reset_buffers();
- try("NORMAL:-KX-ALL:+ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, 1);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, 1);
reset_buffers();
gnutls_global_deinit();
}
diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c
index 91de6fc96e..0b5608505a 100644
--- a/tests/rehandshake-switch-srp-id.c
+++ b/tests/rehandshake-switch-srp-id.c
@@ -257,15 +257,15 @@ void doit(void)
{
global_init();
/* Allow change of ID */
- try("NORMAL:-KX-ALL:+SRP", GNUTLS_KX_SRP, 0);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", GNUTLS_KX_SRP, 0);
reset_buffers();
- try("NORMAL:-KX-ALL:+SRP-RSA", GNUTLS_KX_SRP_RSA, 0);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP-RSA", GNUTLS_KX_SRP_RSA, 0);
reset_buffers();
/* Prohibit (default) change of ID */
- try("NORMAL:-KX-ALL:+SRP", GNUTLS_KX_SRP, 1);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", GNUTLS_KX_SRP, 1);
reset_buffers();
- try("NORMAL:-KX-ALL:+SRP-RSA", GNUTLS_KX_SRP_RSA, 1);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP-RSA", GNUTLS_KX_SRP_RSA, 1);
reset_buffers();
gnutls_global_deinit();
}
diff --git a/tests/rsa-psk-cb.c b/tests/rsa-psk-cb.c
index e7223f2d36..6919f7209a 100644
--- a/tests/rsa-psk-cb.c
+++ b/tests/rsa-psk-cb.c
@@ -22,7 +22,7 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
-/* Parts copied from GnuTLS example programs. */
+/* Tests the RSA-PSK ciphersuites under TLS1.2 */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -108,8 +108,8 @@ static void client(int sd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+RSA-PSK",
- NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK",
+ NULL)>=0);
/* put the anonymous credentials to the current session
*/
@@ -228,8 +228,8 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+RSA-PSK",
- NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK",
+ NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
@@ -309,10 +309,15 @@ void doit(void)
if (child) {
int status;
/* parent */
+ close(sockets[1]);
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
+ close(sockets[0]);
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/rsa-psk.c b/tests/rsa-psk.c
index aeaa306600..b86a9c6021 100644
--- a/tests/rsa-psk.c
+++ b/tests/rsa-psk.c
@@ -22,7 +22,7 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
-/* Parts copied from GnuTLS example programs. */
+/* Tests the RSA-PSK ciphersuites under TLS1.2 */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -92,7 +92,7 @@ static void client(int sd)
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+RSA-PSK",
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK",
NULL);
/* put the anonymous credentials to the current session
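Review bot: The return value of `gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK", NULL)` is still ignored here and in the server() hunk that follows, although the twin file rsa-psk-cb.c now checks the identical call. If the longer string is ever rejected, the error would only surface later as a less specific handshake failure, and the test would no longer show which step broke. Storing the result in a local and calling `fail("client: priority string rejected\n");` on a negative value keeps the two files consistent. The "Use default priorities" comment above the call is also out of date, since the string is explicit. client() continues outside this hunk.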
@@ -212,7 +212,7 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+RSA-PSK",
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK",
NULL);
@@ -293,10 +293,15 @@ void doit(void)
if (child) {
int status;
/* parent */
+ close(sockets[1]);
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
+ close(sockets[0]);
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/send-client-cert.c b/tests/send-client-cert.c
index 33cce4a861..90809ba6cc 100644
--- a/tests/send-client-cert.c
+++ b/tests/send-client-cert.c
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
#include "eagain-common.h"
@@ -54,7 +55,7 @@ enum {
NO_CA = 3
};
-static void try(unsigned expect, unsigned ca_type)
+static void try(const char *prio, unsigned expect, unsigned ca_type)
{
int ret;
/* Server stuff. */
@@ -105,9 +106,7 @@ static void try(unsigned expect, unsigned ca_type)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server,
- "NORMAL",
- NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -142,7 +141,7 @@ static void try(unsigned expect, unsigned ca_type)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL", NULL);
+ ret = gnutls_priority_set_direct(client, prio, NULL);
if (ret < 0)
exit(1);
@@ -174,13 +173,22 @@ static void try(unsigned expect, unsigned ca_type)
gnutls_dh_params_deinit(dh_params);
}
-void doit(void)
+void start(const char *prio)
{
global_init();
- try(SENT, NO_CA);
- try(SENT, CORRECT_CA);
- try(NOT_SENT, INCORRECT_CA);
- try(SENT, INCORRECT_CA_FORCE);
+ success("trying %s\n", prio);
+
+ try(prio, SENT, NO_CA);
+ try(prio, SENT, CORRECT_CA);
+ try(prio, NOT_SENT, INCORRECT_CA);
+ try(prio, SENT, INCORRECT_CA_FORCE);
gnutls_global_deinit();
}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
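Review bot: The new helper is declared as `void start(const char *prio)` with external linkage, whereas every other start() added by this commit is `static`. It is only called from doit() in the visible lines, so `static void start(const char *prio)` avoids exporting a generic symbol from the test object and matches the sibling tests. A one-line comment such as `/* runs the four client-certificate cases under one priority string */` above it would document why doit() now calls it three times.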
diff --git a/tests/send-data-before-handshake.c b/tests/send-data-before-handshake.c
index c127439c99..53c60aadf5 100644
--- a/tests/send-data-before-handshake.c
+++ b/tests/send-data-before-handshake.c
@@ -46,6 +46,7 @@ int main()
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <signal.h>
+#include <assert.h>
#include "cert-common.h"
#include "utils.h"
@@ -89,7 +90,7 @@ static int handshake_callback(gnutls_session_t session, unsigned int htype,
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -110,8 +111,7 @@ static void client(int fd)
*/
gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY,
GNUTLS_HOOK_PRE,
@@ -186,7 +186,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -210,10 +210,7 @@ static void server(int fd)
gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -257,11 +254,14 @@ static void ch_handler(int sig)
return;
}
-void doit(void)
+static
+void start(const char *prio)
{
int fd[2];
int ret, status = 0;
+ success("trying %s\n", prio);
+
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
@@ -281,14 +281,21 @@ void doit(void)
if (child) {
/* parent */
close(fd[1]);
- client(fd[0]);
+ client(fd[0], prio);
waitpid(child, &status, 0);
check_wait_status(status);
} else {
close(fd[0]);
- server(fd[1]);
+ server(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/server-sign-md5-rep.c b/tests/server-sign-md5-rep.c
index 4c80be3d37..99ca622613 100644
--- a/tests/server-sign-md5-rep.c
+++ b/tests/server-sign-md5-rep.c
@@ -49,6 +49,7 @@ int main(int argc, char **argv)
#include <signal.h>
#include <poll.h>
#include <errno.h>
+#include <assert.h>
#include "utils.h"
#include "cert-common.h"
@@ -156,7 +157,7 @@ static void server(int sd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session, "NORMAL:-RSA", NULL);
+ assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-RSA", NULL)>=0);
gnutls_handshake_set_timeout(session, 20 * 1000);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
diff --git a/tests/session-export-funcs.c b/tests/session-export-funcs.c
index 65b554277f..5bf8201611 100644
--- a/tests/session-export-funcs.c
+++ b/tests/session-export-funcs.c
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
#include "eagain-common.h"
@@ -44,10 +45,9 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
-void doit(void)
+static
+void start(const char *prio)
{
- global_init();
-
int ret;
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -61,6 +61,10 @@ void doit(void)
char client_random[32];
char server_random[32];
+ global_init();
+
+ success("trying %s\n", prio);
+
memset(client_random, 1, sizeof(client_random));
memset(server_random, 2, sizeof(server_random));
@@ -79,9 +83,7 @@ void doit(void)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_priority_set_direct(server,
- "NORMAL",
- NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_pull_timeout_function(server,
@@ -107,7 +109,7 @@ void doit(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL", NULL);
+ ret = gnutls_priority_set_direct(client, prio, NULL);
if (ret < 0)
exit(1);
@@ -179,4 +181,12 @@ void doit(void)
gnutls_certificate_free_credentials(clientx509cred);
gnutls_global_deinit();
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
diff --git a/tests/session-tickets-missing.c b/tests/session-tickets-missing.c
index cff4258ed0..0a546491dd 100644
--- a/tests/session-tickets-missing.c
+++ b/tests/session-tickets-missing.c
@@ -91,7 +91,7 @@ static int handshake_callback(gnutls_session_t session, unsigned int htype,
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t x509_cred;
@@ -112,8 +112,7 @@ static void client(int fd)
*/
gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_TICKETS);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
/* put the anonymous credentials to the current session
*/
@@ -169,7 +168,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -204,7 +203,7 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- assert(gnutls_priority_set_direct(session, "NORMAL", NULL)>=0);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -254,11 +253,15 @@ static void ch_handler(int sig)
return;
}
-void doit(void)
+static
+void start(const char *prio)
{
int fd[2];
int ret, status = 0;
+ success("trying %s\n", prio);
+
+ sent = 0;
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
@@ -278,16 +281,23 @@ void doit(void)
if (child) {
/* parent */
close(fd[1]);
- server(fd[0]);
+ server(fd[0], prio);
waitpid(child, &status, 0);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
exit(0);
}
return;
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/session-tickets-ok.c b/tests/session-tickets-ok.c
index 6ee7a3eaa9..f33e1967c4 100644
--- a/tests/session-tickets-ok.c
+++ b/tests/session-tickets-ok.c
@@ -81,7 +81,7 @@ static int handshake_callback(gnutls_session_t session, unsigned int htype,
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t x509_cred;
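Review bot: In this file `client()` and `server()` gain a `prio` parameter, but no hunk in the section changes a `gnutls_priority_set_direct()` call, so as far as the diff shows the parameter is accepted and never applied. If that is the case, the three `start()` calls added to `doit()` would repeat the same hard-coded priority instead of covering TLS 1.2, TLS 1.3 and the default. The priority calls in both functions should take `prio`, as session-tickets-missing.c does in this commit with `gnutls_priority_set_direct(session, prio, NULL)`. The bodies of both functions lie outside the visible hunks, so this needs confirming against the full file.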
@@ -158,7 +158,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -243,11 +243,14 @@ static void ch_handler(int sig)
return;
}
-void doit(void)
+static
+void start(const char *prio)
{
int fd[2];
int ret, status = 0;
+ sent = 0;
+ success("trying %s\n", prio);
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
@@ -267,16 +270,23 @@ void doit(void)
if (child) {
/* parent */
close(fd[1]);
- server(fd[0]);
+ server(fd[0], prio);
waitpid(child, &status, 0);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
exit(0);
}
return;
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/set_x509_key_file-late.c b/tests/set_x509_key_file-late.c
index d6041655e5..7de1c1fc5e 100644
--- a/tests/set_x509_key_file-late.c
+++ b/tests/set_x509_key_file-late.c
@@ -103,7 +103,7 @@ static void start(const char *prio)
fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret));
- success("Testing late set of credentials\n");
+ success("Testing late set of credentials: %s\n", prio);
assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_CLIENT_HELLO,
@@ -141,5 +141,6 @@ static void start(const char *prio)
void doit(void)
{
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3");
start("NORMAL");
}
diff --git a/tests/setcredcrash.c b/tests/setcredcrash.c
index 4690c9ed47..02ac0bf77a 100644
--- a/tests/setcredcrash.c
+++ b/tests/setcredcrash.c
@@ -39,7 +39,7 @@ int main(int argc, char *argv[])
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_init(&client, GNUTLS_CLIENT);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
/* Test setting the same credential type twice. Earlier GnuTLS had
a bug that crashed when this happened. */
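Review bot: The return value of `gnutls_priority_set_direct()` is still ignored on the changed line, so a priority string the library rejects would let the test continue with a session that has no priorities set. Now that the string carries version modifiers it is worth checking, for example `if (gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL) < 0) return 1;`. The server-side calls changed in the tls12-anon-upgrade.c and tls12-max-record.c hunks are unchecked in the same way, while the client-side calls next to them do test `ret`.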
diff --git a/tests/srp.c b/tests/srp.c
index 9a198ae8dc..9143293f7e 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -340,15 +340,18 @@ void doit(void)
fwrite(tpasswd_file, 1, strlen(tpasswd_file), fd);
fclose(fd);
+ start("srp-1024", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test", "test", 0);
+ start("srp-1536", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test2", "test2", 0);
+ start("srp-2048", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test3", "test3", 0);
+ start("srp-3072", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test4", "test4", 0);
+ start("srp-4096", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test5", "test5", 0);
+ start("srp-8192", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test7", "test7", 0);
+ start("srp-other", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test9", "test9", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ start("srp-rsa", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP-RSA", "test", "test", 0);
+
+ /* check whether SRP works with the default protocol set */
start("srp-1024", "NORMAL:-KX-ALL:+SRP", "test", "test", 0);
- start("srp-1536", "NORMAL:-KX-ALL:+SRP", "test2", "test2", 0);
- start("srp-2048", "NORMAL:-KX-ALL:+SRP", "test3", "test3", 0);
- start("srp-3072", "NORMAL:-KX-ALL:+SRP", "test4", "test4", 0);
- start("srp-4096", "NORMAL:-KX-ALL:+SRP", "test5", "test5", 0);
- start("srp-8192", "NORMAL:-KX-ALL:+SRP", "test7", "test7", 0);
- start("srp-other", "NORMAL:-KX-ALL:+SRP", "test9", "test9", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
-
- start("srp-rsa", "NORMAL:-KX-ALL:+SRP-RSA", "test", "test", 0);
remove("tpasswd");
remove("tpasswd.conf");
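Review bot: The new block pins every SRP case to TLS 1.2 without saying why, and the only comment added describes the last call. A short comment above the first `start()` would record the reason, for example `/* SRP key exchange is not defined for TLS 1.3; run the group tests under TLS 1.2 */`. It would also help to say in the existing comment that the default-protocol check is deliberately limited to the 1024-bit group, since the other groups and `srp-rsa` are no longer exercised with plain `NORMAL`. doit()'s body starts outside this hunk.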
diff --git a/tests/ssl2-hello.c b/tests/ssl2-hello.c
index 62cf5e1a1d..084f62c144 100644
--- a/tests/ssl2-hello.c
+++ b/tests/ssl2-hello.c
@@ -27,8 +27,9 @@
#include <stdio.h>
#include <stdlib.h>
-/* In this test we check the parsing of SSL 2.0 client hellos. As
- * We can only read but not generate we use a fixed hello message
+/* In this test we check the parsing of SSL 2.0 client hellos under
+ * the default protocols.
+ * As we can only read but not generate we use a fixed hello message
* followed by an alert. That way we detect whether the handshake
* completed hello parsing and reached the alert message.
*/
@@ -180,10 +181,15 @@ void doit(void)
if (child) {
int status;
+ close(sockets[1]);
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
+ close(sockets[0]);
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
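Review bot: `status` is declared without an initialiser and the return value of `wait()` is not checked, so if `wait()` fails the newly added `check_wait_status(status)` reads an indeterminate value. Other tests in this commit use `int ret, status = 0;` with `waitpid(child, &status, 0)`; the same form here would be `int status = 0;` and `waitpid(child, &status, 0);`. The added `check_wait_status()` calls in tls-supplemental.c and tls-session-supplemental.c follow an uninitialised `int status;` as well, and tls-session-ext-override.c looks the same, although its declaration is outside the hunk.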
diff --git a/tests/status-request.c b/tests/status-request.c
index a9cf79ab28..2ab57727cd 100644
--- a/tests/status-request.c
+++ b/tests/status-request.c
@@ -43,10 +43,12 @@ int main()
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <signal.h>
+#include "cert-common.h"
#include "utils.h"
static void terminate(void);
@@ -65,48 +67,6 @@ static void client_log_func(int level, const char *str)
fprintf(stderr, "client|<%d>| %s", level, str);
}
-static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof(server_cert_pem)
-};
-
-static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
-
-const gnutls_datum_t server_key = { server_key_pem,
- sizeof(server_key_pem)
-};
-
-
static int handshake_callback(gnutls_session_t session, unsigned int htype,
unsigned post, unsigned int incoming, const gnutls_datum_t *msg)
{
@@ -131,13 +91,12 @@ static int status_func(gnutls_session_t session, void *ptr, gnutls_datum_t *resp
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
gnutls_certificate_credentials_t x509_cred;
gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
global_init();
@@ -152,8 +111,7 @@ static void client(int fd)
*/
gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
/* put the anonymous credentials to the current session
*/
@@ -226,7 +184,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -256,10 +214,7 @@ static void server(int fd)
GNUTLS_HOOK_PRE,
handshake_callback);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -303,11 +258,14 @@ static void ch_handler(int sig)
return;
}
-void doit(void)
+static
+void start(const char *prio)
{
int fd[2];
int ret, status = 0;
+ success("trying %s\n", prio);
+
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
@@ -327,14 +285,20 @@ void doit(void)
if (child) {
/* parent */
close(fd[1]);
- client(fd[0]);
+ client(fd[0], prio);
waitpid(child, &status, 0);
check_wait_status(status);
} else {
close(fd[0]);
- server(fd[1]);
+ server(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
#endif /* _WIN32 */
diff --git a/tests/tls-client-with-seccomp.c b/tests/tls-client-with-seccomp.c
index 6a0af66b62..7577317bfd 100644
--- a/tests/tls-client-with-seccomp.c
+++ b/tests/tls-client-with-seccomp.c
@@ -46,6 +46,7 @@ int main()
#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
+#include <assert.h>
#include "cert-common.h"
#include "utils.h"
@@ -63,7 +64,7 @@ static void client_log_func(int level, const char *str)
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -91,9 +92,9 @@ static void client(int fd)
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session,
+ prio,
+ NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -163,7 +164,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t xcred;
@@ -193,9 +194,9 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session,
+ prio,
+ NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -252,7 +253,8 @@ static void server(int fd)
success("server: finished\n");
}
-void doit(void)
+static
+void run(const char *name, const char *prio)
{
int fd[2];
int ret;
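Review bot: `run()` takes a `name` argument here, but nothing in the visible hunks of this file uses it, whereas the matching change in tls-with-seccomp.c adds `success("trying: %s\n", name);` at the top of `run()`. Without that line a failure under the seccomp filter cannot be tied to the `tls1.2`, `tls1.3` or `default` run from the log. I would add the same `success("trying: %s\n", name);` before `signal(SIGPIPE, SIG_IGN);`. The rest of run()'s body is outside this hunk, so the parameter may be used further down.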
@@ -277,15 +279,21 @@ void doit(void)
/* parent */
close(fd[1]);
- server(fd[0]);
+ server(fd[0], prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
exit(0);
}
}
+void doit(void)
+{
+ run("tls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2");
+ run("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ run("default", "NORMAL");
+}
#endif /* _WIN32 */
diff --git a/tests/tls-ext-register.c b/tests/tls-ext-register.c
index bcba2f2458..15113a3e91 100644
--- a/tests/tls-ext-register.c
+++ b/tests/tls-ext-register.c
@@ -48,6 +48,7 @@ int main(int argc, char **argv)
#endif
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include <assert.h>
#include "utils.h"
@@ -116,29 +117,30 @@ static int ext_send_server_params(gnutls_session_t session, gnutls_buffer_t extd
return sizeof(ext_data);
}
-static void client(int sd)
+static void client(int sd, const char *prio)
{
int ret;
gnutls_session_t session;
gnutls_certificate_credentials_t clientx509cred;
void *p;
- global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
side = "client";
+ /* extensions are registered globally */
+ ret = gnutls_ext_register("ext_client", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
+ assert(ret >= 0);
+
gnutls_certificate_allocate_credentials(&clientx509cred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
/* put the anonymous credentials to the current session
*/
@@ -148,8 +150,6 @@ static void client(int sd)
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session, 20 * 1000);
- gnutls_ext_register("ext_client", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL);
-
/* Perform the TLS handshake
*/
ret = gnutls_handshake(session);
@@ -183,8 +183,6 @@ end:
gnutls_deinit(session);
gnutls_certificate_free_credentials(clientx509cred);
-
- gnutls_global_deinit();
}
/* This is a sample TLS 1.0 server, for extension
@@ -232,7 +230,7 @@ const gnutls_datum_t server_key = { server_key_pem,
};
-static void server(int sd)
+static void server(int sd, const char *prio)
{
gnutls_certificate_credentials_t serverx509cred;
int ret;
@@ -241,7 +239,6 @@ static void server(int sd)
/* this must be called once in the program
*/
- global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
@@ -255,16 +252,12 @@ static void server(int sd)
gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- gnutls_ext_register("ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
+ assert(gnutls_ext_register("ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL)>=0);
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session, 20 * 1000);
@@ -287,33 +280,29 @@ static void server(int sd)
*/
gnutls_bye(session, GNUTLS_SHUT_WR);
- /* check whether we can crash the library by adding many extensions */
- for (i=0;i<64;i++) {
- ret = gnutls_ext_register("ext_serverxx", TLSEXT_TYPE_SAMPLE+i+1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
- if (ret < 0) {
- success("failed registering extension no %d (expected)\n", i+1);
- break;
- }
- }
-
close(sd);
gnutls_deinit(session);
gnutls_certificate_free_credentials(serverx509cred);
- gnutls_global_deinit();
-
if (debug)
success("server: finished\n");
}
-void doit(void)
+static
+void start(const char *prio)
{
- pid_t child;
+ pid_t child1, child2;
int sockets[2];
int err;
+ success("trying %s\n", prio);
+
signal(SIGPIPE, SIG_IGN);
+ TLSEXT_TYPE_client_sent = 0;
+ TLSEXT_TYPE_client_received = 0;
+ TLSEXT_TYPE_server_sent = 0;
+ TLSEXT_TYPE_server_received = 0;
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
if (err == -1) {
@@ -322,22 +311,56 @@ void doit(void)
return;
}
- child = fork();
- if (child < 0) {
+ child1 = fork();
+ if (child1 < 0) {
perror("fork");
fail("fork");
- return;
}
- if (child) {
+ if (child1) {
int status;
/* parent */
close(sockets[1]);
- server(sockets[0]);
- wait(&status);
+
+ child2 = fork();
+ if (child2 < 0) {
+ perror("fork");
+ fail("fork");
+ }
+
+ if (child2) {
+ waitpid(child1, &status, 0);
+ check_wait_status(status);
+
+ waitpid(child2, &status, 0);
+ check_wait_status(status);
+ } else {
+ server(sockets[0], prio);
+ exit(0);
+ }
} else {
close(sockets[0]);
- client(sockets[1]);
+ client(sockets[1], prio);
+ exit(0);
+ }
+}
+
+void doit(void)
+{
+ int ret;
+ unsigned i;
+
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+
+ /* check whether we can crash the library by adding many extensions */
+ for (i=0;i<64;i++) {
+ ret = gnutls_ext_register("ext_serverxx", TLSEXT_TYPE_SAMPLE+i+1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
+ if (ret < 0) {
+ success("failed registering extension no %d (expected)\n", i+1);
+ break;
+ }
}
}
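Review bot: In `start()` the parent closes `sockets[1]` but keeps `sockets[0]` open after forking the server child, and never closes it. If the server child dies early the client likely sees no EOF, because the parent still holds the peer end, and would only return once the 20 second handshake timeout expires; the descriptor also leaks on each of the three `start()` calls. Adding `close(sockets[0]);` as the first statement of the `if (child2)` branch fixes both. Separately, `i` is now `unsigned` in `doit()` while the message still formats `i+1` with `%d`; `%u` would match.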
diff --git a/tests/tls-session-ext-override.c b/tests/tls-session-ext-override.c
index e8c5379483..56bebe6644 100644
--- a/tests/tls-session-ext-override.c
+++ b/tests/tls-session-ext-override.c
@@ -300,9 +300,11 @@ static void override_ext(unsigned extension)
close(sockets[1]);
server(sockets[0]);
wait(&status);
+ check_wait_status(status);
} else {
close(sockets[0]);
client(sockets[1]);
+ exit(0);
}
}
diff --git a/tests/tls-session-supplemental.c b/tests/tls-session-supplemental.c
index 330bfaea34..b7421c3925 100644
--- a/tests/tls-session-supplemental.c
+++ b/tests/tls-session-supplemental.c
@@ -20,7 +20,7 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
-/* Parts copied from GnuTLS example programs. */
+/* This tests the supplemental data extension under TLS1.2 */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -42,17 +42,16 @@ int main(int argc, char **argv)
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <assert.h>
#if !defined(_WIN32)
#include <sys/wait.h>
#endif
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include "cert-common.h"
#include "utils.h"
-/* A very basic TLS client, with supplemental data
- */
-
const char *side = "";
static void tls_log_func(int level, const char *str)
@@ -117,7 +116,7 @@ int supp_server_send_func(gnutls_session_t session, gnutls_buffer_t buf)
return GNUTLS_E_SUCCESS;
}
-static void client(int sd)
+static void client(int sd, const char *prio)
{
int ret;
gnutls_session_t session;
@@ -137,9 +136,7 @@ static void client(int sd)
gnutls_init(&session, GNUTLS_CLIENT);
gnutls_handshake_set_timeout(session, 20 * 1000);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
/* put the anonymous credentials to the current session
*/
@@ -181,57 +178,12 @@ end:
gnutls_global_deinit();
}
-/* This is a sample TLS 1.0 server, for extension
- */
-
-static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof(server_cert_pem)
-};
-
-static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
-
-const gnutls_datum_t server_key = { server_key_pem,
- sizeof(server_key_pem)
-};
-
-int err, ret;
-char topbuf[512];
-gnutls_session_t session;
-int optval = 1;
-
-static void server(int sd)
+static void server(int sd, const char *prio)
{
+ int err, ret;
+ char topbuf[512];
+ gnutls_session_t session;
+ int optval = 1;
gnutls_certificate_credentials_t serverx509cred;
/* this must be called once in the program
@@ -251,11 +203,7 @@ static void server(int sd)
gnutls_init(&session, GNUTLS_SERVER);
gnutls_handshake_set_timeout(session, 20 * 1000);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
@@ -295,10 +243,19 @@ static void server(int sd)
success("server: finished\n");
}
-void doit(void)
+static
+void start(const char *prio)
{
pid_t child;
- int sockets[2];
+ int sockets[2], err;
+
+ signal(SIGPIPE, SIG_IGN);
+ TLS_SUPPLEMENTALDATA_client_sent = 0;
+ TLS_SUPPLEMENTALDATA_client_received = 0;
+ TLS_SUPPLEMENTALDATA_server_sent = 0;
+ TLS_SUPPLEMENTALDATA_server_received = 0;
+
+ success("trying: %s\n", prio);
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
if (err == -1) {
@@ -317,10 +274,17 @@ void doit(void)
if (child) {
int status;
/* parent */
- server(sockets[0]);
+ server(sockets[0], prio);
wait(&status);
- } else
- client(sockets[1]);
+ check_wait_status(status);
+ } else {
+ client(sockets[1], prio);
+ exit(0);
+ }
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+}
#endif /* _WIN32 */
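Review bot: Neither branch closes the socketpair end it does not use: the parent calls `server(sockets[0], prio)` with `sockets[1]` still open, and the child calls `client(sockets[1], prio)` with `sockets[0]` still open. The ssl2-hello.c and tls-supplemental.c hunks of this same commit add exactly those closes, so a peer that exits early is seen as EOF rather than as a stall. I would add `close(sockets[1]);` before the `server()` call and `close(sockets[0]);` before the `client()` call. start()'s body begins in the previous hunk.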
diff --git a/tests/tls-supplemental.c b/tests/tls-supplemental.c
index 8ddb89a513..d60186fd8e 100644
--- a/tests/tls-supplemental.c
+++ b/tests/tls-supplemental.c
@@ -315,10 +315,15 @@ void doit(void)
if (child) {
int status;
/* parent */
+ close(sockets[1]);
server(sockets[0]);
wait(&status);
- } else
+ check_wait_status(status);
+ } else {
+ close(sockets[0]);
client(sockets[1]);
+ exit(0);
+ }
}
#endif /* _WIN32 */
diff --git a/tests/tls-with-seccomp.c b/tests/tls-with-seccomp.c
index de725e4edd..97b0dfb1bc 100644
--- a/tests/tls-with-seccomp.c
+++ b/tests/tls-with-seccomp.c
@@ -44,6 +44,7 @@ int main()
#include <arpa/inet.h>
#include <unistd.h>
#include <signal.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -64,7 +65,7 @@ static void client_log_func(int level, const char *str)
#define MAX_BUF 1024
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
char buffer[MAX_BUF + 1];
@@ -85,10 +86,7 @@ static void client(int fd)
gnutls_init(&session, GNUTLS_CLIENT);
gnutls_handshake_set_timeout(session, 20 * 1000);
- /* Use default priorities */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -158,7 +156,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t xcred;
@@ -191,12 +189,7 @@ static void server(int fd)
gnutls_init(&session, GNUTLS_SERVER);
gnutls_handshake_set_timeout(session, 20 * 1000);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -253,11 +246,13 @@ static void server(int fd)
success("server: finished\n");
}
-void doit(void)
+static
+void run(const char *name, const char *prio)
{
int fd[2];
int ret;
+ success("trying: %s\n", name);
signal(SIGPIPE, SIG_IGN);
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
@@ -278,15 +273,22 @@ void doit(void)
/* parent */
close(fd[0]);
- client(fd[1]);
+ client(fd[1], prio);
wait(&status);
check_wait_status(status);
} else {
close(fd[1]);
- server(fd[0]);
+ server(fd[0], prio);
exit(0);
}
}
+void doit(void)
+{
+ run("tls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2");
+ run("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ run("default", "NORMAL");
+}
+
#endif /* _WIN32 */
diff --git a/tests/mini-x509-dual.c b/tests/tls12-anon-upgrade.c
index 0bfd614d32..89f44ae3e9 100644
--- a/tests/mini-x509-dual.c
+++ b/tests/tls12-anon-upgrade.c
@@ -32,6 +32,9 @@
#include "utils.h"
#include "eagain-common.h"
+/* This tests the upgrade from anonymous ciphersuites to certificates
+ * under TLS1.2 */
+
const char *side;
static void tls_log_func(int level, const char *str)
@@ -182,7 +185,7 @@ static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx)
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
- "NORMAL:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.2:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -209,7 +212,7 @@ static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL:-KX-ALL:+ARCFOUR-128:+ANON-ECDH", NULL);
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ARCFOUR-128:+ANON-ECDH", NULL);
if (ret < 0)
exit(1);
@@ -292,10 +295,10 @@ void doit(void)
{
global_init();
- try("NORMAL:-KX-ALL:+DHE-RSA:+ARCFOUR-128", GNUTLS_KX_DHE_RSA);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+ARCFOUR-128", GNUTLS_KX_DHE_RSA);
reset_buffers();
- try("NORMAL:-KX-ALL:+ECDHE-RSA:+ARCFOUR-128", GNUTLS_KX_ECDHE_RSA);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+ARCFOUR-128", GNUTLS_KX_ECDHE_RSA);
reset_buffers();
- try("NORMAL:-KX-ALL:+RSA:+ARCFOUR-128", GNUTLS_KX_RSA);
+ try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+ARCFOUR-128", GNUTLS_KX_RSA);
gnutls_global_deinit();
}
diff --git a/tests/tls-max-record.c b/tests/tls12-max-record.c
index fb4076edf1..61ff1c4512 100644
--- a/tests/tls-max-record.c
+++ b/tests/tls12-max-record.c
@@ -77,7 +77,7 @@ void doit(void)
serverx509cred);
gnutls_priority_set_direct(server,
- "NORMAL",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.2",
NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -104,7 +104,7 @@ void doit(void)
if (ret < 0)
exit(1);
- ret = gnutls_priority_set_direct(client, "NORMAL", NULL);
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
if (ret < 0)
exit(1);
diff --git a/tests/tlsext-decoding.c b/tests/tlsext-decoding.c
index ed0f3e3fc8..1a36c669f0 100644
--- a/tests/tlsext-decoding.c
+++ b/tests/tlsext-decoding.c
@@ -48,6 +48,7 @@ int main()
#include <arpa/inet.h>
#include <unistd.h>
#include <signal.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include "utils.h"
@@ -112,7 +113,7 @@ static ssize_t odd_push(gnutls_transport_ptr_t tr, const void *data, size_t len)
/* A very basic DTLS client handling DTLS 0.9 which sets premaster secret.
*/
-static void client(int fd)
+static void client(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t xcred;
@@ -132,10 +133,7 @@ static void client(int fd)
gnutls_init(&session, GNUTLS_CLIENT);
gnutls_handshake_set_timeout(session, 20 * 1000);
- /* Use default priorities */
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA:%COMPAT",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -176,7 +174,7 @@ static void terminate(void)
exit(1);
}
-static void server(int fd)
+static void server(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t xcred;
@@ -205,9 +203,7 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(session,
- "NORMAL:-KX-ALL:+ECDHE-RSA",
- NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
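Review bot: The context comment above the new call ("avoid calling all the priority functions, since the defaults are adequate") no longer describes the code. server() now applies whatever `prio` string start() passes in, including the version-restricted ones. I would replace it with `/* apply the priority string selected by the caller */`. server() starts and ends outside this hunk.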
@@ -225,7 +221,6 @@ static void server(int fd)
gnutls_strerror(ret));
terminate();
}
- success("server: Handshake failed as expected\n");
close(fd);
gnutls_deinit(session);
@@ -235,14 +230,15 @@ static void server(int fd)
gnutls_global_deinit();
if (debug)
- success("server: finished\n");
+ success("server: Handshake failed as expected\n");
}
-static void start(void)
+static void start(const char *prio)
{
int fd[2];
int ret;
+ success("trying %s\n", prio);
signal(SIGPIPE, SIG_IGN);
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
@@ -263,25 +259,29 @@ static void start(void)
/* parent */
close(fd[0]);
- server(fd[1]);
+ server(fd[1], prio);
wait(&status);
check_wait_status(status);
close(fd[1]);
} else {
close(fd[1]);
- client(fd[0]);
+ client(fd[0], prio);
exit(0);
}
}
void doit(void)
{
- /* check overflow */
- start();
+ success("checking overflow\n");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
- /* check underflow */
+ success("checking underflow\n");
reduce = 1;
- start();
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
}
#endif /* _WIN32 */
diff --git a/tests/version-checks.c b/tests/version-checks.c
index 588d5776e2..c02bdbe79e 100644
--- a/tests/version-checks.c
+++ b/tests/version-checks.c
@@ -59,7 +59,7 @@ static void try(const char *client_prio, int expected)
int cret = GNUTLS_E_AGAIN;
unsigned flags = 0;
unsigned dtls = 0;
- const char *server_prio = "NORMAL";
+ const char *server_prio = "NORMAL:+VERS-TLS-ALL";
if (expected >= GNUTLS_DTLS_VERSION_MIN && expected <= GNUTLS_DTLS_VERSION_MAX) {
dtls = 1;
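Review bot: The change of `server_prio` to `"NORMAL:+VERS-TLS-ALL"` carries no comment explaining why the server no longer uses plain `"NORMAL"`. Presumably the server has to accept every TLS version so that the client string alone decides what is negotiated, including the TLS 1.3 case added in the next hunk. That intent deserves a line such as `/* server enables all TLS versions; the client priority selects the one under test */`. try() continues outside this hunk.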
@@ -162,6 +162,8 @@ void doit(void)
reset_buffers();
try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_TLS1_2);
reset_buffers();
+ try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", GNUTLS_TLS1_3);
+ reset_buffers();
#ifdef ENABLE_SSL3
try("NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", -1);
reset_buffers();
diff --git a/tests/x509-cert-callback-legacy.c b/tests/x509-cert-callback-legacy.c
index caf515f711..98ae7dbd9c 100644
--- a/tests/x509-cert-callback-legacy.c
+++ b/tests/x509-cert-callback-legacy.c
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include <gnutls/abstract.h>
#include <gnutls/x509.h>
@@ -133,7 +134,7 @@ server_cert_callback(gnutls_session_t session,
return 0;
}
-void doit(void)
+static void start(const char *prio)
{
int exit_code = EXIT_SUCCESS;
int ret;
@@ -146,6 +147,8 @@ void doit(void)
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ success("testing %s\n", prio);
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -160,8 +163,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct(server,
- "NORMAL:-CIPHER-ALL:+AES-128-GCM", NULL);
+ assert(gnutls_priority_set_direct(server, prio, NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -191,7 +193,7 @@ void doit(void)
if (ret < 0)
exit(1);
- gnutls_priority_set_direct(client, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(client, prio, NULL) >= 0);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
@@ -376,10 +378,13 @@ void doit(void)
gnutls_global_deinit();
- if (debug > 0) {
- if (exit_code == 0)
- puts("Self-test successful");
- else
- puts("Self-test failed");
- }
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3");
+ start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1");
+ start("NORMAL");
}
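Review bot: `exit_code` is still declared at the top of start() (the hunk at -133), but the block removed here was its only reader visible in this diff. If nothing else in the body reads it, any failure recorded there is now dropped silently and the variable is dead. Either delete the variable, or end start() with `if (exit_code != EXIT_SUCCESS) exit(exit_code);` so a failing run under one priority string stops the test. Most of start() lies outside the visible hunks, so any remaining uses should be checked against the full file.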
diff --git a/tests/x509-cert-callback-ocsp.c b/tests/x509-cert-callback-ocsp.c
index 7e09212d1e..771b3c3b96 100644
--- a/tests/x509-cert-callback-ocsp.c
+++ b/tests/x509-cert-callback-ocsp.c
@@ -235,4 +235,5 @@ void doit(void)
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3");
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2");
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1");
+ start("NORMAL");
}
diff --git a/tests/x509-cert-callback.c b/tests/x509-cert-callback.c
index f23b531f87..e673096195 100644
--- a/tests/x509-cert-callback.c
+++ b/tests/x509-cert-callback.c
@@ -431,4 +431,5 @@ void doit(void)
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3");
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2");
start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1");
+ start("NORMAL");
}
diff --git a/tests/x509dn.c b/tests/x509dn.c
index d84151149a..820e414b53 100644
--- a/tests/x509dn.c
+++ b/tests/x509dn.c
@@ -49,6 +49,7 @@ int main(int argc, char **argv)
#endif
#include <unistd.h>
#include <signal.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include <gnutls/abstract.h>
@@ -65,9 +66,6 @@ static void tls_log_func(int level, const char *str)
str);
}
-/* A very basic TLS client, with anonymous authentication.
- */
-
#define MAX_BUF 1024
#define MSG "Hello TLS"
@@ -135,7 +133,7 @@ cert_callback(gnutls_session_t session,
}
-static void client(int sd)
+static void client(int sd, const char *prio)
{
int ret, ii;
gnutls_session_t session;
@@ -165,8 +163,7 @@ static void client(int sd)
*/
gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
/* put the x509 credentials to the current session
*/
@@ -234,33 +231,13 @@ static void client(int sd)
*/
#define MAX_BUF 1024
-#define DH_BITS 1024
-
-/* These are global */
-
-static gnutls_dh_params_t dh_params;
-static int generate_dh_params(void)
+static void server(int sd, const char *prio)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init(&dh_params);
- return gnutls_dh_params_import_pkcs3(dh_params, &p3,
- GNUTLS_X509_FMT_PEM);
-}
-
-
-
-static void server(int sd)
-{
-gnutls_certificate_credentials_t x509_cred;
-int ret;
-gnutls_session_t session;
-char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t x509_cred;
+ int ret;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
/* this must be called once in the program
*/
global_init();
@@ -281,19 +258,9 @@ char buffer[MAX_BUF + 1];
&server_ca3_key,
GNUTLS_X509_FMT_PEM);
- if (debug)
- success("Launched, generating DH parameters...\n");
-
- generate_dh_params();
-
- gnutls_certificate_set_dh_params(x509_cred, dh_params);
-
gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -302,8 +269,6 @@ char buffer[MAX_BUF + 1];
gnutls_certificate_server_set_request(session,
GNUTLS_CERT_REQUEST);
- gnutls_dh_set_prime_bits(session, DH_BITS);
-
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session, 20 * 1000);
@@ -355,20 +320,20 @@ char buffer[MAX_BUF + 1];
gnutls_certificate_free_credentials(x509_cred);
- gnutls_dh_params_deinit(dh_params);
-
gnutls_global_deinit();
if (debug)
success("server: finished\n");
}
-
-void doit(void)
+static
+void start(const char *prio)
{
int sockets[2];
int err;
+ success("trying %s\n", prio);
+
signal(SIGPIPE, SIG_IGN);
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
@@ -389,13 +354,21 @@ void doit(void)
int status;
/* parent */
close(sockets[1]);
- server(sockets[0]);
+ server(sockets[0], prio);
wait(&status);
check_wait_status(status);
} else {
close(sockets[0]);
- client(sockets[1]);
+ client(sockets[1], prio);
+ exit(0);
}
}
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL");
+}
+
#endif /* _WIN32 */
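Review bot: The priority strings in the new doit() spell the version reset as `-VERS-ALL`, whereas x509-cert-callback-legacy.c, x509-cert-callback-ocsp.c and x509-cert-callback.c in this same commit use `-VERS-TLS-ALL`. The order also differs: this file runs TLS 1.2 before TLS 1.3, while x509self.c runs 1.3 first. For stream sessions the two spellings should behave the same, but one spelling and one ordering across the tests makes the version matrix easier to scan, e.g. `start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3");` first.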
diff --git a/tests/x509self.c b/tests/x509self.c
index 00ff480588..f1c674a8e5 100644
--- a/tests/x509self.c
+++ b/tests/x509self.c
@@ -29,6 +29,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <assert.h>
#include "cert-common.h"
#if defined(_WIN32)
@@ -63,15 +64,11 @@ static void tls_log_func(int level, const char *str)
str);
}
-/* A very basic TLS client, with anonymous authentication.
- */
-
-
#define MAX_BUF 1024
#define MSG "Hello TLS"
-static void client(int sd)
+static void client(int sd, const char *prio)
{
int ret, ii;
gnutls_session_t session;
@@ -98,8 +95,7 @@ static void client(int sd)
*/
gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
/* put the x509 credentials to the current session
*/
@@ -147,7 +143,9 @@ static void client(int sd)
goto end;
}
- ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (debug)
success("client: recv returned %d.\n", ret);
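Review bot: The new retry loop around `gnutls_record_recv()` has no comment saying why a receive on this socketpair can now return `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED`. A reader will wonder whether it hides a real stall, since the loop has no bound. I would add `/* non-fatal return codes: retry until application data or a real error arrives */` above the `do`, and state the TLS 1.3 reason in the comment if that is what prompted it. The same loop is added in server() further down in this file. client() continues outside this hunk.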
@@ -203,58 +201,16 @@ static void client(int sd)
#define MAX_BUF 1024
#define DH_BITS 1024
-/* These are global */
-gnutls_certificate_credentials_t x509_cred;
-static gnutls_session_t initialize_tls_session(void)
+static void server(int sd, const char *prio)
{
+ int err, ret;
+ char topbuf[512];
gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ gnutls_certificate_credentials_t x509_cred;
- gnutls_init(&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
-
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- /* request client certificate if any.
- Moved to later on to be able to test re-handshakes.
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
- */
-
- gnutls_dh_set_prime_bits(session, DH_BITS);
-
- return session;
-}
-
-static gnutls_dh_params_t dh_params;
-
-static int generate_dh_params(void)
-{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init(&dh_params);
- return gnutls_dh_params_import_pkcs3(dh_params, &p3,
- GNUTLS_X509_FMT_PEM);
-}
-
-int err, ret;
-char topbuf[512];
-gnutls_session_t session;
-char buffer[MAX_BUF + 1];
-int optval = 1;
-
-
-static void server(int sd)
-{
- /* this must be called once in the program
- */
global_init();
gnutls_global_set_log_function(tls_log_func);
@@ -273,11 +229,19 @@ static void server(int sd)
if (debug)
success("Launched, generating DH parameters...\n");
- generate_dh_params();
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ /* request client certificate if any.
+ Moved to later on to be able to test re-handshakes.
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+ */
+
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- session = initialize_tls_session();
gnutls_transport_set_int(session, sd);
ret = gnutls_handshake(session);
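Review bot: The context line `success("Launched, generating DH parameters...\n");` is now stale, because this commit removes generate_dh_params() and the `gnutls_certificate_set_dh_params()` call, so nothing is generated after the message. The inlined session setup also keeps `gnutls_dh_set_prime_bits(session, DH_BITS);`, whereas the matching cleanup in x509dn.c drops both that call and the `DH_BITS` define. I would remove the message (or reword it to `"Launched\n"`) and drop the `gnutls_dh_set_prime_bits()` line so the two tests stay aligned. server() starts and ends outside this hunk.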
@@ -301,7 +265,9 @@ static void server(int sd)
for (;;) {
memset(buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (ret == 0) {
if (debug)
@@ -309,7 +275,7 @@ static void server(int sd)
("server: Peer has closed the GnuTLS connection\n");
break;
} else if (ret < 0) {
- fail("server: Received corrupted data(%d). Closing...\n", ret);
+ fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret));
break;
} else if (ret > 0) {
gnutls_certificate_server_set_request(session,
@@ -351,8 +317,6 @@ static void server(int sd)
gnutls_certificate_free_credentials(x509_cred);
- gnutls_dh_params_deinit(dh_params);
-
gnutls_global_deinit();
if (debug)
@@ -360,9 +324,15 @@ static void server(int sd)
}
-void doit(void)
+static
+void start(const char *prio)
{
int sockets[2];
+ int err;
+
+ success("trying %s\n", prio);
+
+ signal(SIGPIPE, SIG_IGN);
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
if (err == -1) {
@@ -381,10 +351,22 @@ void doit(void)
if (child) {
int status;
- server(sockets[0]);
+ close(sockets[1]);
+ server(sockets[0], prio);
wait(&status);
- } else
- client(sockets[1]);
+ check_wait_status(status);
+ } else {
+ close(sockets[0]);
+ client(sockets[1], prio);
+ exit(0);
+ }
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL");
}
#endif /* _WIN32 */