tests/naked-alerts.c

   1 /*
   2  * Copyright (C) 2016 Red Hat, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * GnuTLS is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GnuTLS is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with GnuTLS; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  21  */
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29
  30 /* In this test we check whether the server will bail out after receiving
  31  * a bunch of warning alerts without a client hello.
  32  */
  33
  34 #if defined(_WIN32)
  35
  36 /* socketpair isn't supported on Win32. */
  37 int main(int argc, char **argv)
  38 {
  39         exit(77);
  40 }
  41
  42 #else
  43
  44 #include <string.h>
  45 #include <sys/types.h>
  46 #include <sys/socket.h>
  47 #if !defined(_WIN32)
  48 #include <sys/wait.h>
  49 #endif
  50 #include <unistd.h>
  51 #include <gnutls/gnutls.h>
  52
  53 #include "utils.h"
  54 #include "cert-common.h"
  55
  56 pid_t child;
  57
  58 static void tls_log_func(int level, const char *str)
  59 {
  60         fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
  61                 str);
  62 }
  63
  64 static unsigned char tls_alert[] =
  65         "\x15\x03\x03\x00\x02\x00\x0A";
  66
  67 static void client(int sd)
  68 {
  69         int ret;
  70         unsigned i;
  71
  72         /* send a list of warning alerts */
  73
  74         for (i=0;i<128;i++) {
  75                 ret = send(sd, tls_alert, sizeof(tls_alert)-1, 0);
  76                 if (ret < 0)
  77                         fail("error sending hello\n");
  78         }
  79
  80         close(sd);
  81 }
  82
  83 static void server(int sd)
  84 {
  85         gnutls_certificate_credentials_t x509_cred;
  86         gnutls_session_t session;
  87         int ret;
  88         unsigned loops;
  89
  90         /* this must be called once in the program
  91          */
  92         global_init();
  93
  94         gnutls_global_set_log_function(tls_log_func);
  95         if (debug)
  96                 gnutls_global_set_log_level(6);
  97
  98         gnutls_certificate_allocate_credentials(&x509_cred);
  99         gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert,
 100                                               GNUTLS_X509_FMT_PEM);
 101
 102         gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert,
 103                                             &server_ca3_key,
 104                                             GNUTLS_X509_FMT_PEM);
 105
 106         if (debug)
 107                 success("Launched, generating DH parameters...\n");
 108
 109         gnutls_init(&session, GNUTLS_SERVER);
 110
 111         /* avoid calling all the priority functions, since the defaults
 112          * are adequate.
 113          */
 114         gnutls_priority_set_direct(session, "NORMAL", NULL);
 115
 116         gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 117
 118         gnutls_transport_set_int(session, sd);
 119         loops = 0;
 120         do {
 121                 ret = gnutls_handshake(session);
 122                 loops++;
 123                 if (loops > 64)
 124                         fail("Too many loops in the handshake!\n");
 125         } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED);
 126
 127         if (ret != GNUTLS_E_UNEXPECTED_PACKET) {
 128                 fail("server: Handshake didn't fail with expected code (failed with %d)\n", ret);
 129         }
 130
 131         close(sd);
 132         gnutls_deinit(session);
 133
 134         gnutls_certificate_free_credentials(x509_cred);
 135
 136         gnutls_global_deinit();
 137
 138         if (debug)
 139                 success("server: finished\n");
 140 }
 141
 142
 143 void doit(void)
 144 {
 145         int sockets[2];
 146         int err;
 147
 148         err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
 149         if (err == -1) {
 150                 perror("socketpair");
 151                 fail("socketpair failed\n");
 152                 return;
 153         }
 154
 155         child = fork();
 156         if (child < 0) {
 157                 perror("fork");
 158                 fail("fork");
 159                 return;
 160         }
 161
 162         if (child) {
 163                 int status;
 164
 165                 server(sockets[0]);
 166                 wait(&status);
 167         } else
 168                 client(sockets[1]);
 169 }
 170
 171 #endif                          /* _WIN32 */