diff --git a/bin/common.h b/bin/common.h index d0abe04e818..6ac56a7cbe0 100644 --- a/bin/common.h +++ b/bin/common.h @@ -109,7 +109,7 @@ void send_data(struct s2n_connection *conn, int sockfd, const char *data, uint64 int echo(struct s2n_connection *conn, int sockfd, bool *stop_echo); int wait_for_event(int fd, s2n_blocked_status blocked); int negotiate(struct s2n_connection *conn, int sockfd); -int renegotiate(struct s2n_connection *conn, int sockfd, bool wait); +int renegotiate(struct s2n_connection *conn, int sockfd); int wait_for_shutdown(struct s2n_connection *conn, int sockfd); int early_data_recv(struct s2n_connection *conn); int early_data_send(struct s2n_connection *conn, uint8_t *data, uint32_t len); diff --git a/bin/echo.c b/bin/echo.c index 0d3eca5bcf2..f9d11359dd4 100644 --- a/bin/echo.c +++ b/bin/echo.c @@ -302,7 +302,7 @@ int negotiate(struct s2n_connection *conn, int fd) return 0; } -int renegotiate(struct s2n_connection *conn, int fd, bool wait_for_more_data) +int renegotiate(struct s2n_connection *conn, int fd) { s2n_blocked_status blocked = S2N_NOT_BLOCKED; uint8_t buffer[STDIO_BUFSIZE] = { 0 }; @@ -314,13 +314,6 @@ int renegotiate(struct s2n_connection *conn, int fd, bool wait_for_more_data) fprintf(stdout, "RENEGOTIATE\n"); fflush(stdout); - /* Do not proceed with renegotiation until we receive more data from the server */ - if (wait_for_more_data) { - fd_set fds = { 0 }; - FD_SET(fd, &fds); - select(FD_SETSIZE, &fds, NULL, NULL, NULL); - } - while (s2n_renegotiate(conn, buffer, sizeof(buffer), &data_read, &blocked) != S2N_SUCCESS) { uint8_t *data_ptr = buffer; while (data_read > 0) { diff --git a/bin/s2nc.c b/bin/s2nc.c index 64c9f930bbe..552109eba6f 100644 --- a/bin/s2nc.c +++ b/bin/s2nc.c @@ -139,10 +139,9 @@ void usage() " Ex: --psk psk_id,psk_secret,SHA256 --psk shared_id,shared_secret,SHA384.\n"); fprintf(stderr, " -E ,--early-data \n"); fprintf(stderr, " Sends data in file path as early data to the server. Early data will only be sent if s2nc receives a session ticket and resumes a session.\n"); - fprintf(stderr, " --renegotiation [accept|reject|wait]\n" + fprintf(stderr, " --renegotiation [accept|reject]\n" " accept: Accept all server requests for a new handshake\n" - " reject: Reject all server requests for a new handshake\n" - " wait: Wait for additional application data before accepting server requests. Intended for the integ tests.\n"); + " reject: Reject all server requests for a new handshake\n"); fprintf(stderr, " --npn \n"); fprintf(stderr, " Indicates support for the NPN extension. The '--alpn' option MUST be used with this option to signal the protocols supported."); fprintf(stderr, "\n"); @@ -179,7 +178,6 @@ static int test_session_ticket_cb(struct s2n_connection *conn, void *ctx, struct struct reneg_req_ctx { bool do_renegotiate; - bool wait; s2n_renegotiate_response response; }; @@ -509,9 +507,6 @@ int main(int argc, char *const *argv) reneg_ctx.response = S2N_RENEGOTIATE_ACCEPT; } else if (strcmp(optarg, "reject") == 0) { reneg_ctx.response = S2N_RENEGOTIATE_REJECT; - } else if (strcmp(optarg, "wait") == 0) { - reneg_ctx.response = S2N_RENEGOTIATE_ACCEPT; - reneg_ctx.wait = true; } else { fprintf(stderr, "Unrecognized option: %s\n", optarg); exit(1); @@ -798,7 +793,7 @@ int main(int argc, char *const *argv) } reneg_ctx.do_renegotiate = false; - GUARD_EXIT(renegotiate(conn, sockfd, reneg_ctx.wait), "Renegotiation failed"); + GUARD_EXIT(renegotiate(conn, sockfd), "Renegotiation failed"); } if (serialize_out) { diff --git a/tests/integrationv2/fixtures.py b/tests/integrationv2/fixtures.py index 91edb87b159..08d5f1a9a44 100644 --- a/tests/integrationv2/fixtures.py +++ b/tests/integrationv2/fixtures.py @@ -94,8 +94,29 @@ def _fn( # is nothing to capture here. pass finally: - # Whether the processes succeeded or not, clean then up. for p in processes: + # Always print the results + if p.results: + width = 90 + padchar = "#" + + print(padchar * width) + print(f" {p.cmd_line[0]} ".center(width, padchar)) + print(padchar * width) + + print(f"Command line:\n\t{' '.join(p.cmd_line)}") + print(f"Exit code:\n\t {p.results.exit_code}") + print("") + + print(" Stdout ".center(width, padchar)) + print(p.results.stdout.decode("utf-8", "backslashreplace")) + print("") + + print(" Stderr ".center(width, padchar)) + print(p.results.stderr.decode("utf-8", "backslashreplace")) + print("") + + # Whether the processes succeeded or not, clean them up. if aborted: p.kill() else: diff --git a/tests/integrationv2/processes.py b/tests/integrationv2/processes.py index f7fa9233699..fcc0c92b88c 100644 --- a/tests/integrationv2/processes.py +++ b/tests/integrationv2/processes.py @@ -12,7 +12,7 @@ _PopenSelector = selectors.PollSelector _PIPE_BUF = getattr(select, "PIPE_BUF", 512) -_DEBUG_LEN = 80 +_DEBUG_LEN = 200 class _processCommunicator(object): @@ -475,27 +475,6 @@ def run(self): self.expect_stderr, ) raise ex - finally: - # This data is dumped to stdout so we capture this - # information no matter where a test fails. - print("###############################################################") - print( - f"####################### {self.cmd_line[0]} #######################" - ) - print("###############################################################") - - print(f"Command line:\n\t{' '.join(self.cmd_line)}") - print(f"Exit code:\n\t {proc.returncode}") - - print("##########################################################") - print("########################### Stdout #######################") - print("##########################################################") - print(proc_results[0].decode("utf-8", "backslashreplace")) - - print("#########################################################") - print("########################### Stderr #######################") - print("#########################################################") - print(proc_results[1].decode("utf-8", "backslashreplace")) def kill(self): self.proc.kill() diff --git a/tests/integrationv2/test_renegotiate.py b/tests/integrationv2/test_renegotiate.py index 5edfdfdf276..3b503b217d1 100644 --- a/tests/integrationv2/test_renegotiate.py +++ b/tests/integrationv2/test_renegotiate.py @@ -25,7 +25,6 @@ S2N_RENEG_OPTION = "--renegotiation" S2N_RENEG_ACCEPT = "accept" S2N_RENEG_REJECT = "reject" -S2N_RENEG_WAIT = "wait" OPENSSL_RENEG_CTRL_CMD = "r\n" @@ -191,6 +190,7 @@ def basic_reneg_test( provider, messages=RENEG_MESSAGES, reneg_option=None, + timeout=8, ): options = ProviderOptions( port=next(available_ports), @@ -217,7 +217,7 @@ def basic_reneg_test( provider, server_options, send_marker=Msg.send_markers(messages, Provider.ServerMode), - timeout=8, + timeout=timeout, ) s2n_client = managed_process( @@ -225,7 +225,7 @@ def basic_reneg_test( client_options, send_marker=Msg.send_markers(messages, Provider.ClientMode), close_marker=Msg.close_marker(messages), - timeout=8, + timeout=timeout, ) return (s2n_client, server) @@ -393,7 +393,7 @@ def test_s2n_client_renegotiate_with_client_auth_with_openssl( protocol, provider, messages=messages, - reneg_option=S2N_RENEG_WAIT, + reneg_option=S2N_RENEG_ACCEPT, ) for results in server.get_results(): @@ -418,55 +418,3 @@ def test_s2n_client_renegotiate_with_client_auth_with_openssl( reneg_finishes = stdout_str.find(S2N_RENEG_SUCCESS_MARKER) assert client_auth_marker in stdout_str[init_finishes:reneg_finishes] assert no_client_cert_marker not in stdout_str[init_finishes:reneg_finishes] - - -""" -The s2n-tls client successfully reads ApplicationData during the renegotiation handshake. -""" - - -@pytest.mark.flaky(reruns=3, reruns_delay=1) -@pytest.mark.uncollect_if(func=invalid_test_parameters) -@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name) -@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name) -@pytest.mark.parametrize("certificate", MINIMAL_TEST_CERTS, ids=get_parameter_name) -@pytest.mark.parametrize("protocol", TEST_PROTOCOLS, ids=get_parameter_name) -@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name) -def test_s2n_client_renegotiate_with_app_data_with_openssl( - managed_process, # noqa: F811 - cipher, - curve, - certificate, - protocol, - provider, -): - first_server_app_data = Msg.expected_output(RENEG_MESSAGES, Provider.ClientMode)[0] - (s2n_client, server) = basic_reneg_test( - managed_process, - cipher, - curve, - certificate, - protocol, - provider, - reneg_option=S2N_RENEG_WAIT, - ) - - for results in server.get_results(): - results.assert_success() - for output in Msg.expected_output(RENEG_MESSAGES, Provider.ServerMode): - assert output in results.stdout - assert renegotiate_was_requested(results) - assert not renegotiate_was_rejected(results) - - for results in s2n_client.get_results(): - results.assert_success() - for output in Msg.expected_output(RENEG_MESSAGES, Provider.ClientMode): - assert output in results.stdout - assert renegotiate_was_successful(results) - stdout_str = str(results.stdout) - - # In order to test the case where application data is received during renegotiation, - # we must verify that the data was received after renegotiation started but before the new handshake finished. - reneg_starts = stdout_str.find(S2N_RENEG_START_MARKER) - reneg_finishes = stdout_str.find(S2N_RENEG_SUCCESS_MARKER) - assert to_marker(first_server_app_data) in stdout_str[reneg_starts:reneg_finishes]