X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=test_tls.c;h=bc741dddd5ca05322f3cca05d2f99ddcf2d15669;hb=ea281d2516111f018f224409098d5a1d11e967bd;hp=fa4048c7afd844a9e4fcd9731536a6b478fb1d27;hpb=7ed64cd58e3f90e7a7229b0a504816e54f9444dc;p=openssl-gost%2Fengine.git diff --git a/test_tls.c b/test_tls.c index fa4048c..bc741dd 100644 --- a/test_tls.c +++ b/test_tls.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -69,7 +70,7 @@ struct certkey { * Simple TLS Server code is based on * https://wiki.openssl.org/index.php/Simple_TLS_Server */ -static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) +static int s_server(EVP_PKEY *pkey, X509 *cert, int client) { SSL_CTX *ctx; T(ctx = SSL_CTX_new(TLS_server_method())); @@ -77,34 +78,9 @@ static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) T(SSL_CTX_use_PrivateKey(ctx, pkey)); T(SSL_CTX_check_private_key(ctx)); - struct sockaddr_in addr = { .sin_family = AF_INET }; - socklen_t len; - int sock; - sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - err(1, "socket"); - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int)) < 0) - err(1, "setsockopt"); - if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) - err(1, "bind"); - len = sizeof(addr); - if (getsockname(sock, (struct sockaddr *)&addr, &len) < 0) - err(1, "getsockname"); - int port = ntohs(addr.sin_port); - if (listen(sock, 1) < 0) - err(1, "listen"); - /* Signal to client that server is ready. */ - if (write(pipewr, &port, sizeof(port)) != sizeof(port)) - err(1, "write pipe"); - len = sizeof(addr); - alarm(1); - int client = accept(sock, (struct sockaddr *)&addr, &len); - if (client < 0) - err(1, "accept"); - alarm(0); SSL *ssl; - ssl = SSL_new(ctx); - SSL_set_fd(ssl, client); + T(ssl = SSL_new(ctx)); + T(SSL_set_fd(ssl, client)); T(SSL_accept(ssl) == 1); /* Receive data from client */ @@ -127,7 +103,6 @@ static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) SSL_free(ssl); close(client); - close(sock); SSL_CTX_free(ctx); return 0; } @@ -136,7 +111,7 @@ static int s_server(EVP_PKEY *pkey, X509 *cert, int pipewr) * Simple TLC Client code is based on man BIO_f_ssl and * https://wiki.openssl.org/index.php/SSL/TLS_Client */ -static int s_client(int piperd) +static int s_client(int server) { SSL_CTX *ctx; T(ctx = SSL_CTX_new(TLS_client_method())); @@ -150,17 +125,8 @@ static int s_client(int piperd) /* Does not work with reneg. */ BIO_set_ssl_renegotiate_bytes(sbio, 100 * 1024); #endif - int port; - alarm(1); - /* Wait for server to be ready. */ - if (read(piperd, &port, sizeof(port)) != sizeof(port)) - err(1, "read pipe"); - char tport[8]; - snprintf(tport, sizeof(tport), "%d", port); - T(BIO_set_conn_port(sbio, tport)); - T(BIO_do_connect(sbio) == 1); + T(SSL_set_fd(ssl, server)); T(BIO_do_handshake(sbio) == 1); - alarm(0); printf("Protocol: %s\n", SSL_get_version(ssl)); printf("Cipher: %s\n", SSL_get_cipher_name(ssl)); @@ -300,29 +266,71 @@ int test(const char *algname, const char *paramset) struct certkey ck; ck = certgen(algname, paramset); - int pipefd[2]; - if (pipe(pipefd)) - err(1, "pipe"); + int sockfd[2]; + if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sockfd) == -1) + err(1, "socketpair"); - pid_t pid = fork(); - if (pid < 0) - err(1, "fork"); + setpgid(0, 0); - if (pid > 0) { - int status; - - ret = s_client(pipefd[0]); - wait(&status); - ret |= WIFEXITED(status) && WEXITSTATUS(status); + /* Run server in separate process. */ + pid_t server_pid = fork(); + if (server_pid < 0) + err(1, "fork server"); + if (server_pid == 0) { + ret = s_server(ck.pkey, ck.cert, sockfd[1]); X509_free(ck.cert); EVP_PKEY_free(ck.pkey); - } else if (pid == 0) { - ret = s_server(ck.pkey, ck.cert, pipefd[1]); + exit(ret); + } + + /* Run client in separate process. */ + pid_t client_pid = fork(); + if (client_pid < 0) + err(1, "fork client"); + if (client_pid == 0) { + ret = s_client(sockfd[0]); X509_free(ck.cert); EVP_PKEY_free(ck.pkey); exit(ret); } + /* Wait for first child to exit. */ + int status; + pid_t exited_pid = wait(&status); + ret = (WIFEXITED(status) && WEXITSTATUS(status)) || + (WIFSIGNALED(status) && WTERMSIG(status)); + if (ret) { + warnx(cRED "%s child %s with %d %s" cNORM, + exited_pid == server_pid? "server" : "client", + WIFSIGNALED(status)? "killed" : "exited", + WIFSIGNALED(status)? WTERMSIG(status) : WEXITSTATUS(status), + WIFSIGNALED(status)? strsignal(WTERMSIG(status)) : ""); + + /* If first child exited with error, kill other. */ + warnx("terminating %s by force", + exited_pid == server_pid? "client" : "server"); + kill(exited_pid == server_pid? client_pid : server_pid, SIGTERM); + } + + exited_pid = wait(&status); + /* Report error unless we killed it. */ + if (!ret && (!WIFEXITED(status) || WEXITSTATUS(status))) + warnx(cRED "%s child %s with %d %s" cNORM, + exited_pid == server_pid? "server" : "client", + WIFSIGNALED(status)? "killed" : "exited", + WIFSIGNALED(status)? WTERMSIG(status) : WEXITSTATUS(status), + WIFSIGNALED(status)? strsignal(WTERMSIG(status)) : ""); + ret |= (WIFEXITED(status) && WEXITSTATUS(status)) || + (WIFSIGNALED(status) && WTERMSIG(status)); + + /* Every responsible process should free this. */ + X509_free(ck.cert); + EVP_PKEY_free(ck.pkey); +#ifdef __SANITIZE_ADDRESS__ + /* Abort on the first (hopefully) ASan error. */ + if (ret) + _exit(ret); +#endif return ret; } @@ -338,7 +346,7 @@ int main(int argc, char **argv) T(ENGINE_init(eng)); T(ENGINE_set_default(eng, ENGINE_METHOD_ALL)); - ret |= test("rsa", NULL); + /* ret |= test("rsa", NULL); */ ret |= test("gost2012_256", "A"); ret |= test("gost2012_256", "B"); ret |= test("gost2012_256", "C");