path: root/tests/tls13/rnd-rollback-detection.c
Diffstat (limited to 'tests/tls13/rnd-rollback-detection.c')
-rw-r--r--tests/tls13/rnd-rollback-detection.c95
1 files changed, 48 insertions, 47 deletions
diff --git a/tests/tls13/rnd-rollback-detection.c b/tests/tls13/rnd-rollback-detection.c
index 138819d6c1..06f65a9edc 100644
--- a/tests/tls13/rnd-rollback-detection.c
+++ b/tests/tls13/rnd-rollback-detection.c
@@ -20,7 +20,7 @@
*/
#ifdef HAVE_CONFIG_H
-#include <config.h>
+# include <config.h>
#endif
#include <stdio.h>
@@ -35,20 +35,20 @@ int main(void)
#else
-#include <string.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <arpa/inet.h>
-#include <unistd.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/dtls.h>
-#include <signal.h>
-#include <assert.h>
-
-#include "cert-common.h"
-#include "utils.h"
+# include <string.h>
+# include <sys/types.h>
+# include <netinet/in.h>
+# include <sys/socket.h>
+# include <sys/wait.h>
+# include <arpa/inet.h>
+# include <unistd.h>
+# include <gnutls/gnutls.h>
+# include <gnutls/dtls.h>
+# include <signal.h>
+# include <assert.h>
+
+# include "cert-common.h"
+# include "utils.h"
/* This program checks whether a TLS 1.3 client will detect
* a TLS 1.2 rollback attempt via the server random value.
@@ -64,8 +64,6 @@ static void client_log_func(int level, const char *str)
fprintf(stderr, "client|<%d>| %s", level, str);
}
-
-
static void client(int fd)
{
int ret;
@@ -81,8 +79,7 @@ static void client(int fd)
gnutls_certificate_allocate_credentials(&x509_cred);
gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert,
- &cli_ca3_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_ca3_key, GNUTLS_X509_FMT_PEM);
/* Initialize TLS session
*/
@@ -90,7 +87,10 @@ static void client(int fd)
gnutls_handshake_set_timeout(session, get_timeout());
- ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0", NULL);
+ ret =
+ gnutls_priority_set_direct(session,
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0",
+ NULL);
if (ret < 0)
fail("cannot set TLS 1.2 priorities\n");
@@ -108,7 +108,8 @@ static void client(int fd)
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret != GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER) {
- fail("unexpected error during rollback: %s\n", gnutls_strerror(ret));
+ fail("unexpected error during rollback: %s\n",
+ gnutls_strerror(ret));
}
close(fd);
@@ -120,27 +121,29 @@ static void client(int fd)
gnutls_global_deinit();
}
-#ifdef TLS12
-# define RND tls12_rnd
-# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
-#elif TLS11
-# define RND tls11_rnd
-# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.0"
-#else
-# error unknown version to test
-#endif
-
-gnutls_datum_t tls12_rnd = {(void*)"\x00\x00\x00\x04\x00\x00\x00\x04"
- "\x00\x00\x00\x04\x00\x00\x00\x04"
- "\x00\x00\x00\x04\x00\x00\x00\x04"
- "\x44\x4F\x57\x4E\x47\x52\x44\x01",
- 32};
-
-gnutls_datum_t tls11_rnd = {(void*)"\x00\x00\x00\x04\x00\x00\x00\x04"
- "\x00\x00\x00\x04\x00\x00\x00\x04"
- "\x00\x00\x00\x04\x00\x00\x00\x04"
- "\x44\x4F\x57\x4E\x47\x52\x44\x00",
- 32};
+# ifdef TLS12
+# define RND tls12_rnd
+# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
+# elif TLS11
+# define RND tls11_rnd
+# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.0"
+# else
+# error unknown version to test
+# endif
+
+gnutls_datum_t tls12_rnd = { (void *)"\x00\x00\x00\x04\x00\x00\x00\x04"
+ "\x00\x00\x00\x04\x00\x00\x00\x04"
+ "\x00\x00\x00\x04\x00\x00\x00\x04"
+ "\x44\x4F\x57\x4E\x47\x52\x44\x01",
+ 32
+};
+
+gnutls_datum_t tls11_rnd = { (void *)"\x00\x00\x00\x04\x00\x00\x00\x04"
+ "\x00\x00\x00\x04\x00\x00\x00\x04"
+ "\x00\x00\x00\x04\x00\x00\x00\x04"
+ "\x44\x4F\x57\x4E\x47\x52\x44\x00",
+ 32
+};
static void server(int fd)
{
@@ -159,15 +162,14 @@ static void server(int fd)
gnutls_certificate_allocate_credentials(&x509_cred);
gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
- &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_key, GNUTLS_X509_FMT_PEM);
gnutls_init(&session, GNUTLS_SERVER);
gnutls_handshake_set_timeout(session, get_timeout());
gnutls_handshake_set_random(session, &RND);
- assert(gnutls_priority_set_direct(session, PRIO, NULL)>=0);
+ assert(gnutls_priority_set_direct(session, PRIO, NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -175,12 +177,11 @@ static void server(int fd)
do {
ret = gnutls_handshake(session);
- if (ret == GNUTLS_E_INTERRUPTED) { /* expected */
+ if (ret == GNUTLS_E_INTERRUPTED) { /* expected */
break;
}
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
close(fd);
gnutls_deinit(session);