diff options
| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2024-04-24 20:36:43 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2024-04-25 00:53:10 +0000 |
| commit | c68eed82a3dcadf0c826e9e150f59769f4c44f24 (patch) | |
| tree | bf98d42fd8b6958bc00216cc69c3c5e28d6afb37 /tests/sys/kern/socket_accf.c | |
| parent | 78101d437a92d539584795ffd2c46724da37e662 (diff) | |
| download | src-c68eed82a3dcadf0c826e9e150f59769f4c44f24.tar.gz src-c68eed82a3dcadf0c826e9e150f59769f4c44f24.zip | |
accf_tls: accept filter that waits for TLS handshake header
Diffstat (limited to 'tests/sys/kern/socket_accf.c')
| -rw-r--r-- | tests/sys/kern/socket_accf.c | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/tests/sys/kern/socket_accf.c b/tests/sys/kern/socket_accf.c index 384062810c8d..747bcda87010 100644 --- a/tests/sys/kern/socket_accf.c +++ b/tests/sys/kern/socket_accf.c @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * - * Copyright (c) 2022 Gleb Smirnoff <glebius@FreeBSD.org> + * Copyright (c) 2022-2024 Gleb Smirnoff <glebius@FreeBSD.org> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -29,6 +29,7 @@ #include <netinet/in.h> #include <errno.h> #include <fcntl.h> +#include <stdlib.h> #include <atf-c.h> @@ -151,10 +152,68 @@ ATF_TC_BODY(http, tc) ATF_REQUIRE((a = accept(l, NULL, 0)) > 0); } +ATF_TC_WITHOUT_HEAD(tls); +ATF_TC_BODY(tls, tc) +{ + struct accept_filter_arg afa = { + .af_name = "tlsready" + }; + struct sockaddr_in sin; + int l, s, a; + + l = listensock(&sin); + accfon(l, &afa); + s = clientsock(&sin); + + /* 1) No data. */ + ATF_REQUIRE(accept(l, NULL, 0) == -1); + ATF_REQUIRE(errno == EAGAIN); + + /* 2) Less than 5 bytes. */ + ATF_REQUIRE(usend(s, "foo", sizeof("foo")) == sizeof("foo")); + ATF_REQUIRE(errno == EAGAIN); + + /* 3) Something that doesn't look like TLS handshake. */ + ATF_REQUIRE(usend(s, "bar", sizeof("bar")) == sizeof("bar")); + ATF_REQUIRE((a = accept(l, NULL, 0)) > 0); + + close(s); + close(a); + + /* 4) Partial TLS record. */ + s = clientsock(&sin); + struct { + uint8_t type; + uint16_t version; + uint16_t length; + } __attribute__((__packed__)) header = { + .type = 0x16, + .length = htons((uint16_t)(arc4random() % 16384)), + }; + _Static_assert(sizeof(header) == 5, ""); + ATF_REQUIRE(usend(s, &header, sizeof(header)) == sizeof(header)); + ssize_t sent = 0; + do { + size_t len; + char *buf; + + ATF_REQUIRE(accept(l, NULL, 0) == -1); + ATF_REQUIRE(errno == EAGAIN); + + len = arc4random() % 1024; + buf = alloca(len); + ATF_REQUIRE(usend(s, buf, len) == (ssize_t)len); + sent += len; + } while (sent < ntohs(header.length)); + /* TLS header with bytes >= declared length. */ + ATF_REQUIRE((a = accept(l, NULL, 0)) > 0); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, data); ATF_TP_ADD_TC(tp, http); + ATF_TP_ADD_TC(tp, tls); return (atf_no_error()); } |