1 /**
2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 * SPDX-License-Identifier: Apache-2.0.
4 */
5
6 #ifndef BYO_CRYPTO
7
8 # include <aws/io/channel_bootstrap.h>
9 # include <aws/io/event_loop.h>
10 # include <aws/io/file_utils.h>
11 # include <aws/io/host_resolver.h>
12 # include <aws/io/logging.h>
13 # include <aws/io/socket.h>
14 # include <aws/io/tls_channel_handler.h>
15
16 # include <aws/common/clock.h>
17 # include <aws/common/condition_variable.h>
18 # include <aws/common/thread.h>
19
20 # include <aws/testing/aws_test_harness.h>
21
22 # include <aws/common/string.h>
23 # include <read_write_test_handler.h>
24 # include <statistics_handler_test.h>
25
26 # if _MSC_VER
27 # pragma warning(disable : 4996) /* sprintf */
28 # endif
29
30 # ifdef _WIN32
31 # define LOCAL_SOCK_TEST_PATTERN "\\\\.\\pipe\\testsock%llu_%d"
32 # else
33 # define LOCAL_SOCK_TEST_PATTERN "testsock%llu_%d.sock"
34 # endif
35
36 struct tls_test_args {
37 struct aws_allocator *allocator;
38 struct aws_mutex *mutex;
39 struct aws_condition_variable *condition_variable;
40 struct aws_tls_connection_options *tls_options;
41 struct aws_channel *channel;
42 struct aws_channel_handler *rw_handler;
43 struct aws_channel_slot *rw_slot;
44 struct aws_byte_buf negotiated_protocol;
45 struct aws_byte_buf server_name;
46 int last_error_code;
47
48 uint32_t tls_levels_negotiated;
49 uint32_t desired_tls_levels;
50
51 bool listener_destroyed;
52 bool error_invoked;
53 bool expects_error;
54 bool server;
55 bool shutdown_finished;
56 bool setup_callback_invoked;
57 bool creation_callback_invoked;
58 };
59
60 /* common structure for tls options */
61 struct tls_opt_tester {
62 struct aws_tls_ctx_options ctx_options;
63 struct aws_tls_ctx *ctx;
64 struct aws_tls_connection_options opt;
65 };
66
s_tls_server_opt_tester_init(struct aws_allocator * allocator,struct tls_opt_tester * tester)67 static int s_tls_server_opt_tester_init(struct aws_allocator *allocator, struct tls_opt_tester *tester) {
68
69 # ifdef __APPLE__
70 struct aws_byte_cursor pwd_cur = aws_byte_cursor_from_c_str("1234");
71 ASSERT_SUCCESS(
72 aws_tls_ctx_options_init_server_pkcs12_from_path(&tester->ctx_options, allocator, "unittests.p12", &pwd_cur));
73 # else
74 ASSERT_SUCCESS(aws_tls_ctx_options_init_default_server_from_path(
75 &tester->ctx_options, allocator, "unittests.crt", "unittests.key"));
76 # endif /* __APPLE__ */
77 aws_tls_ctx_options_set_alpn_list(&tester->ctx_options, "h2;http/1.1");
78 tester->ctx = aws_tls_server_ctx_new(allocator, &tester->ctx_options);
79 ASSERT_NOT_NULL(tester->ctx);
80
81 aws_tls_connection_options_init_from_ctx(&tester->opt, tester->ctx);
82 return AWS_OP_SUCCESS;
83 }
84
s_tls_client_opt_tester_init(struct aws_allocator * allocator,struct tls_opt_tester * tester,struct aws_byte_cursor server_name)85 static int s_tls_client_opt_tester_init(
86 struct aws_allocator *allocator,
87 struct tls_opt_tester *tester,
88 struct aws_byte_cursor server_name) {
89
90 aws_io_library_init(allocator);
91
92 aws_tls_ctx_options_init_default_client(&tester->ctx_options, allocator);
93 ASSERT_SUCCESS(
94 aws_tls_ctx_options_override_default_trust_store_from_path(&tester->ctx_options, NULL, "unittests.crt"));
95
96 tester->ctx = aws_tls_client_ctx_new(allocator, &tester->ctx_options);
97 aws_tls_connection_options_init_from_ctx(&tester->opt, tester->ctx);
98 aws_tls_connection_options_set_alpn_list(&tester->opt, allocator, "h2;http/1.1");
99
100 aws_tls_connection_options_set_server_name(&tester->opt, allocator, &server_name);
101
102 return AWS_OP_SUCCESS;
103 }
104
s_tls_opt_tester_clean_up(struct tls_opt_tester * tester)105 static int s_tls_opt_tester_clean_up(struct tls_opt_tester *tester) {
106 aws_tls_connection_options_clean_up(&tester->opt);
107 aws_tls_ctx_options_clean_up(&tester->ctx_options);
108 aws_tls_ctx_release(tester->ctx);
109 return AWS_OP_SUCCESS;
110 }
111
112 /* common structure for test */
113 struct tls_common_tester {
114 struct aws_mutex mutex;
115 struct aws_condition_variable condition_variable;
116 struct aws_event_loop_group *el_group;
117 struct aws_host_resolver *resolver;
118 struct aws_atomic_var current_time_ns;
119 struct aws_atomic_var stats_handler;
120 };
121
122 static struct tls_common_tester c_tester;
123
124 /* common structure for a tls local server */
125 struct tls_local_server_tester {
126 struct aws_socket_options socket_options;
127 struct tls_opt_tester server_tls_opt_tester;
128 struct aws_socket_endpoint endpoint;
129 struct aws_server_bootstrap *server_bootstrap;
130 struct aws_socket *listener;
131 uint64_t timestamp;
132 };
133
s_tls_test_arg_init(struct aws_allocator * allocator,struct tls_test_args * test_arg,bool server,struct tls_common_tester * tls_c_tester)134 static int s_tls_test_arg_init(
135 struct aws_allocator *allocator,
136 struct tls_test_args *test_arg,
137 bool server,
138 struct tls_common_tester *tls_c_tester) {
139 AWS_ZERO_STRUCT(*test_arg);
140 test_arg->mutex = &tls_c_tester->mutex;
141 test_arg->condition_variable = &tls_c_tester->condition_variable;
142 test_arg->allocator = allocator;
143 test_arg->server = server;
144 test_arg->desired_tls_levels = 1;
145
146 return AWS_OP_SUCCESS;
147 }
148
s_tls_common_tester_init(struct aws_allocator * allocator,struct tls_common_tester * tester)149 static int s_tls_common_tester_init(struct aws_allocator *allocator, struct tls_common_tester *tester) {
150 AWS_ZERO_STRUCT(*tester);
151
152 struct aws_mutex mutex = AWS_MUTEX_INIT;
153 struct aws_condition_variable condition_variable = AWS_CONDITION_VARIABLE_INIT;
154 tester->mutex = mutex;
155 tester->condition_variable = condition_variable;
156 aws_atomic_store_int(&tester->current_time_ns, 0);
157 aws_atomic_store_ptr(&tester->stats_handler, NULL);
158
159 tester->el_group = aws_event_loop_group_new_default(allocator, 0, NULL);
160
161 struct aws_host_resolver_default_options resolver_options = {
162 .el_group = tester->el_group,
163 .max_entries = 1,
164 };
165 tester->resolver = aws_host_resolver_new_default(allocator, &resolver_options);
166
167 return AWS_OP_SUCCESS;
168 }
169
s_tls_common_tester_clean_up(struct tls_common_tester * tester)170 static int s_tls_common_tester_clean_up(struct tls_common_tester *tester) {
171 aws_host_resolver_release(tester->resolver);
172 aws_event_loop_group_release(tester->el_group);
173
174 aws_io_library_clean_up();
175
176 aws_condition_variable_clean_up(&tester->condition_variable);
177 aws_mutex_clean_up(&tester->mutex);
178 return AWS_OP_SUCCESS;
179 }
180
s_tls_channel_shutdown_predicate(void * user_data)181 static bool s_tls_channel_shutdown_predicate(void *user_data) {
182 struct tls_test_args *setup_test_args = user_data;
183 return setup_test_args->shutdown_finished || setup_test_args->last_error_code == AWS_IO_SOCKET_TIMEOUT ||
184 (setup_test_args->expects_error && setup_test_args->error_invoked);
185 }
186
s_tls_listener_destroy_predicate(void * user_data)187 static bool s_tls_listener_destroy_predicate(void *user_data) {
188 struct tls_test_args *setup_test_args = user_data;
189 return setup_test_args->listener_destroyed || setup_test_args->last_error_code == AWS_IO_SOCKET_TIMEOUT;
190 }
191
s_tls_channel_setup_predicate(void * user_data)192 static bool s_tls_channel_setup_predicate(void *user_data) {
193 struct tls_test_args *setup_test_args = user_data;
194 return (setup_test_args->tls_levels_negotiated == setup_test_args->desired_tls_levels &&
195 setup_test_args->setup_callback_invoked) ||
196 setup_test_args->error_invoked;
197 }
198
199 /*
200 * test args mutex must be held before calling this function
201 */
s_aws_check_for_user_handler_setup(struct tls_test_args * setup_test_args)202 static void s_aws_check_for_user_handler_setup(struct tls_test_args *setup_test_args) {
203 if (setup_test_args->tls_levels_negotiated == setup_test_args->desired_tls_levels &&
204 setup_test_args->setup_callback_invoked) {
205 if (setup_test_args->rw_handler) {
206 struct aws_channel *channel = setup_test_args->channel;
207 struct aws_channel_slot *rw_slot = aws_channel_slot_new(channel);
208 aws_channel_slot_insert_end(channel, rw_slot);
209 aws_channel_slot_set_handler(rw_slot, setup_test_args->rw_handler);
210 setup_test_args->rw_slot = rw_slot;
211 }
212 }
213 }
214
s_add_tls_handler_to_end_of_channel(struct tls_test_args * setup_test_args)215 static int s_add_tls_handler_to_end_of_channel(struct tls_test_args *setup_test_args) {
216 AWS_FATAL_ASSERT(setup_test_args->desired_tls_levels > 1);
217 AWS_FATAL_ASSERT(!setup_test_args->server);
218
219 struct aws_channel_slot *last_slot = aws_channel_get_first_slot(setup_test_args->channel);
220 while (last_slot->adj_right) {
221 last_slot = last_slot->adj_right;
222 }
223
224 return aws_channel_setup_client_tls(last_slot, setup_test_args->tls_options);
225 }
226
s_on_channel_setup_next_tls_handler(struct tls_test_args * setup_test_args)227 static int s_on_channel_setup_next_tls_handler(struct tls_test_args *setup_test_args) {
228 if (setup_test_args->tls_levels_negotiated < setup_test_args->desired_tls_levels) {
229 ASSERT_SUCCESS(s_add_tls_handler_to_end_of_channel(setup_test_args));
230 }
231
232 return AWS_OP_SUCCESS;
233 }
234
s_on_tls_negotiated_next_tls_handler(struct tls_test_args * setup_test_args)235 static int s_on_tls_negotiated_next_tls_handler(struct tls_test_args *setup_test_args) {
236 if (!setup_test_args->setup_callback_invoked) {
237 return AWS_OP_SUCCESS;
238 }
239
240 if (setup_test_args->tls_levels_negotiated < setup_test_args->desired_tls_levels) {
241 ASSERT_SUCCESS(s_add_tls_handler_to_end_of_channel(setup_test_args));
242 }
243
244 return AWS_OP_SUCCESS;
245 }
246
s_tls_handler_test_client_setup_callback(struct aws_client_bootstrap * bootstrap,int error_code,struct aws_channel * channel,void * user_data)247 static void s_tls_handler_test_client_setup_callback(
248 struct aws_client_bootstrap *bootstrap,
249 int error_code,
250 struct aws_channel *channel,
251 void *user_data) {
252
253 (void)bootstrap;
254
255 struct tls_test_args *setup_test_args = user_data;
256 aws_mutex_lock(setup_test_args->mutex);
257
258 setup_test_args->setup_callback_invoked = true;
259
260 if (!error_code) {
261 setup_test_args->channel = channel;
262 s_aws_check_for_user_handler_setup(setup_test_args);
263 s_on_channel_setup_next_tls_handler(setup_test_args);
264 } else {
265 setup_test_args->error_invoked = true;
266 setup_test_args->last_error_code = error_code;
267 }
268
269 aws_mutex_unlock(setup_test_args->mutex);
270 aws_condition_variable_notify_one(setup_test_args->condition_variable);
271 }
272
s_tls_handler_test_server_setup_callback(struct aws_server_bootstrap * bootstrap,int error_code,struct aws_channel * channel,void * user_data)273 static void s_tls_handler_test_server_setup_callback(
274 struct aws_server_bootstrap *bootstrap,
275 int error_code,
276 struct aws_channel *channel,
277 void *user_data) {
278
279 (void)bootstrap;
280
281 struct tls_test_args *setup_test_args = (struct tls_test_args *)user_data;
282
283 aws_mutex_lock(setup_test_args->mutex);
284 setup_test_args->setup_callback_invoked = true;
285 if (!error_code) {
286 setup_test_args->channel = channel;
287 } else {
288 setup_test_args->error_invoked = true;
289 setup_test_args->last_error_code = error_code;
290 }
291
292 s_aws_check_for_user_handler_setup(setup_test_args);
293
294 aws_mutex_unlock(setup_test_args->mutex);
295 aws_condition_variable_notify_one(setup_test_args->condition_variable);
296 }
297
s_tls_handler_test_client_shutdown_callback(struct aws_client_bootstrap * bootstrap,int error_code,struct aws_channel * channel,void * user_data)298 static void s_tls_handler_test_client_shutdown_callback(
299 struct aws_client_bootstrap *bootstrap,
300 int error_code,
301 struct aws_channel *channel,
302 void *user_data) {
303
304 (void)bootstrap;
305 (void)error_code;
306 (void)channel;
307
308 struct tls_test_args *setup_test_args = (struct tls_test_args *)user_data;
309
310 aws_mutex_lock(setup_test_args->mutex);
311 setup_test_args->shutdown_finished = true;
312 aws_mutex_unlock(setup_test_args->mutex);
313 aws_condition_variable_notify_one(setup_test_args->condition_variable);
314 }
315
s_tls_handler_test_server_shutdown_callback(struct aws_server_bootstrap * bootstrap,int error_code,struct aws_channel * channel,void * user_data)316 static void s_tls_handler_test_server_shutdown_callback(
317 struct aws_server_bootstrap *bootstrap,
318 int error_code,
319 struct aws_channel *channel,
320 void *user_data) {
321
322 (void)bootstrap;
323 (void)error_code;
324 (void)channel;
325
326 struct tls_test_args *setup_test_args = (struct tls_test_args *)user_data;
327
328 aws_mutex_lock(setup_test_args->mutex);
329 setup_test_args->shutdown_finished = true;
330 aws_mutex_unlock(setup_test_args->mutex);
331 aws_condition_variable_notify_one(setup_test_args->condition_variable);
332 }
333
s_tls_handler_test_server_listener_destroy_callback(struct aws_server_bootstrap * bootstrap,void * user_data)334 static void s_tls_handler_test_server_listener_destroy_callback(
335 struct aws_server_bootstrap *bootstrap,
336 void *user_data) {
337 (void)bootstrap;
338
339 struct tls_test_args *setup_test_args = (struct tls_test_args *)user_data;
340 aws_mutex_lock(setup_test_args->mutex);
341 setup_test_args->listener_destroyed = true;
342 aws_mutex_unlock(setup_test_args->mutex);
343
344 aws_condition_variable_notify_one(setup_test_args->condition_variable);
345 }
346
s_tls_on_negotiated(struct aws_channel_handler * handler,struct aws_channel_slot * slot,int err_code,void * user_data)347 static void s_tls_on_negotiated(
348 struct aws_channel_handler *handler,
349 struct aws_channel_slot *slot,
350 int err_code,
351 void *user_data) {
352
353 (void)slot;
354 struct tls_test_args *setup_test_args = (struct tls_test_args *)user_data;
355
356 if (!err_code) {
357 aws_mutex_lock(setup_test_args->mutex);
358
359 if (aws_tls_is_alpn_available()) {
360 setup_test_args->negotiated_protocol = aws_tls_handler_protocol(handler);
361 }
362 setup_test_args->server_name = aws_tls_handler_server_name(handler);
363 ++setup_test_args->tls_levels_negotiated;
364
365 s_aws_check_for_user_handler_setup(setup_test_args);
366 s_on_tls_negotiated_next_tls_handler(setup_test_args);
367
368 aws_mutex_unlock(setup_test_args->mutex);
369 }
370
371 aws_condition_variable_notify_one(setup_test_args->condition_variable);
372 }
373
s_tls_local_server_tester_init(struct aws_allocator * allocator,struct tls_local_server_tester * tester,struct tls_test_args * args,struct tls_common_tester * tls_c_tester,bool enable_back_pressure,int server_index)374 static int s_tls_local_server_tester_init(
375 struct aws_allocator *allocator,
376 struct tls_local_server_tester *tester,
377 struct tls_test_args *args,
378 struct tls_common_tester *tls_c_tester,
379 bool enable_back_pressure,
380 int server_index) {
381 AWS_ZERO_STRUCT(*tester);
382 ASSERT_SUCCESS(s_tls_server_opt_tester_init(allocator, &tester->server_tls_opt_tester));
383 aws_tls_connection_options_set_callbacks(&tester->server_tls_opt_tester.opt, s_tls_on_negotiated, NULL, NULL, args);
384 tester->socket_options.connect_timeout_ms = 3000;
385 tester->socket_options.type = AWS_SOCKET_STREAM;
386 tester->socket_options.domain = AWS_SOCKET_LOCAL;
387 ASSERT_SUCCESS(aws_sys_clock_get_ticks(&tester->timestamp));
388 sprintf(tester->endpoint.address, LOCAL_SOCK_TEST_PATTERN, (long long unsigned)tester->timestamp, server_index);
389 tester->server_bootstrap = aws_server_bootstrap_new(allocator, tls_c_tester->el_group);
390 ASSERT_NOT_NULL(tester->server_bootstrap);
391
392 struct aws_server_socket_channel_bootstrap_options bootstrap_options = {
393 .bootstrap = tester->server_bootstrap,
394 .enable_read_back_pressure = enable_back_pressure,
395 .port = tester->endpoint.port,
396 .host_name = tester->endpoint.address,
397 .socket_options = &tester->socket_options,
398 .incoming_callback = s_tls_handler_test_server_setup_callback,
399 .shutdown_callback = s_tls_handler_test_server_shutdown_callback,
400 .destroy_callback = s_tls_handler_test_server_listener_destroy_callback,
401 .tls_options = &tester->server_tls_opt_tester.opt,
402 .user_data = args,
403 };
404 tester->listener = aws_server_bootstrap_new_socket_listener(&bootstrap_options);
405 ASSERT_NOT_NULL(tester->listener);
406
407 return AWS_OP_SUCCESS;
408 }
409
s_tls_local_server_tester_clean_up(struct tls_local_server_tester * tester)410 static int s_tls_local_server_tester_clean_up(struct tls_local_server_tester *tester) {
411 ASSERT_SUCCESS(s_tls_opt_tester_clean_up(&tester->server_tls_opt_tester));
412 aws_server_bootstrap_release(tester->server_bootstrap);
413 return AWS_OP_SUCCESS;
414 }
415
416 struct tls_test_rw_args {
417 struct aws_mutex *mutex;
418 struct aws_condition_variable *condition_variable;
419 struct aws_byte_buf received_message;
420 int read_invocations;
421 bool invocation_happened;
422 };
423
s_tls_rw_args_init(struct tls_test_rw_args * args,struct tls_common_tester * tls_c_tester,struct aws_byte_buf received_message)424 static int s_tls_rw_args_init(
425 struct tls_test_rw_args *args,
426 struct tls_common_tester *tls_c_tester,
427 struct aws_byte_buf received_message) {
428 AWS_ZERO_STRUCT(*args);
429 args->mutex = &tls_c_tester->mutex;
430 args->condition_variable = &tls_c_tester->condition_variable;
431 args->received_message = received_message;
432 return AWS_OP_SUCCESS;
433 }
434
s_tls_test_read_predicate(void * user_data)435 static bool s_tls_test_read_predicate(void *user_data) {
436 struct tls_test_rw_args *rw_args = (struct tls_test_rw_args *)user_data;
437
438 return rw_args->invocation_happened;
439 }
440
s_tls_test_handle_read(struct aws_channel_handler * handler,struct aws_channel_slot * slot,struct aws_byte_buf * data_read,void * user_data)441 static struct aws_byte_buf s_tls_test_handle_read(
442 struct aws_channel_handler *handler,
443 struct aws_channel_slot *slot,
444 struct aws_byte_buf *data_read,
445 void *user_data) {
446
447 (void)handler;
448 (void)slot;
449
450 struct tls_test_rw_args *rw_args = (struct tls_test_rw_args *)user_data;
451 aws_mutex_lock(rw_args->mutex);
452
453 aws_byte_buf_write_from_whole_buffer(&rw_args->received_message, *data_read);
454 rw_args->read_invocations += 1;
455 rw_args->invocation_happened = true;
456
457 aws_mutex_unlock(rw_args->mutex);
458 aws_condition_variable_notify_one(rw_args->condition_variable);
459
460 return rw_args->received_message;
461 }
462
s_tls_test_handle_write(struct aws_channel_handler * handler,struct aws_channel_slot * slot,struct aws_byte_buf * data_read,void * user_data)463 static struct aws_byte_buf s_tls_test_handle_write(
464 struct aws_channel_handler *handler,
465 struct aws_channel_slot *slot,
466 struct aws_byte_buf *data_read,
467 void *user_data) {
468
469 (void)handler;
470 (void)slot;
471 (void)data_read;
472 (void)user_data;
473
474 /*do nothing*/
475 return (struct aws_byte_buf){0};
476 }
477
s_tls_channel_echo_and_backpressure_test_fn(struct aws_allocator * allocator,void * ctx)478 static int s_tls_channel_echo_and_backpressure_test_fn(struct aws_allocator *allocator, void *ctx) {
479 (void)ctx;
480 aws_io_library_init(allocator);
481 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
482
483 struct aws_byte_buf read_tag = aws_byte_buf_from_c_str("I'm a little teapot.");
484 struct aws_byte_buf write_tag = aws_byte_buf_from_c_str("I'm a big teapot");
485
486 uint8_t incoming_received_message[128] = {0};
487 uint8_t outgoing_received_message[128] = {0};
488
489 struct tls_test_rw_args incoming_rw_args;
490 ASSERT_SUCCESS(s_tls_rw_args_init(
491 &incoming_rw_args,
492 &c_tester,
493 aws_byte_buf_from_empty_array(incoming_received_message, sizeof(incoming_received_message))));
494
495 struct tls_test_rw_args outgoing_rw_args;
496 ASSERT_SUCCESS(s_tls_rw_args_init(
497 &outgoing_rw_args,
498 &c_tester,
499 aws_byte_buf_from_empty_array(outgoing_received_message, sizeof(outgoing_received_message))));
500
501 struct tls_test_args outgoing_args;
502 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &outgoing_args, false, &c_tester));
503
504 struct tls_test_args incoming_args;
505 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &incoming_args, true, &c_tester));
506
507 struct tls_local_server_tester local_server_tester;
508 ASSERT_SUCCESS(s_tls_local_server_tester_init(allocator, &local_server_tester, &incoming_args, &c_tester, true, 1));
509 /* make the windows small to make sure back pressure is honored. */
510 struct aws_channel_handler *outgoing_rw_handler = rw_handler_new(
511 allocator, s_tls_test_handle_read, s_tls_test_handle_write, true, write_tag.len / 2, &outgoing_rw_args);
512 ASSERT_NOT_NULL(outgoing_rw_handler);
513
514 struct aws_channel_handler *incoming_rw_handler = rw_handler_new(
515 allocator, s_tls_test_handle_read, s_tls_test_handle_write, true, read_tag.len / 2, &incoming_rw_args);
516 ASSERT_NOT_NULL(incoming_rw_handler);
517
518 incoming_args.rw_handler = incoming_rw_handler;
519 outgoing_args.rw_handler = outgoing_rw_handler;
520
521 g_aws_channel_max_fragment_size = 4096;
522
523 struct tls_opt_tester client_tls_opt_tester;
524 struct aws_byte_cursor server_name = aws_byte_cursor_from_c_str("localhost");
525 ASSERT_SUCCESS(s_tls_client_opt_tester_init(allocator, &client_tls_opt_tester, server_name));
526 aws_tls_connection_options_set_callbacks(
527 &client_tls_opt_tester.opt, s_tls_on_negotiated, NULL, NULL, &outgoing_args);
528
529 struct aws_client_bootstrap_options bootstrap_options = {
530 .event_loop_group = c_tester.el_group,
531 .host_resolver = c_tester.resolver,
532 };
533 struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options);
534
535 struct aws_socket_channel_bootstrap_options channel_options;
536 AWS_ZERO_STRUCT(channel_options);
537 channel_options.bootstrap = client_bootstrap;
538 channel_options.host_name = local_server_tester.endpoint.address;
539 channel_options.port = 0;
540 channel_options.socket_options = &local_server_tester.socket_options;
541 channel_options.tls_options = &client_tls_opt_tester.opt;
542 channel_options.setup_callback = s_tls_handler_test_client_setup_callback;
543 channel_options.shutdown_callback = s_tls_handler_test_client_shutdown_callback;
544 channel_options.user_data = &outgoing_args;
545 channel_options.enable_read_back_pressure = true;
546
547 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
548
549 /* put this here to verify ownership semantics are correct. This should NOT cause a segfault. If it does, ya
550 * done messed up. */
551 aws_tls_connection_options_clean_up(&client_tls_opt_tester.opt);
552 /* wait for both ends to setup */
553 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
554 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
555 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &incoming_args));
556 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
557 ASSERT_FALSE(incoming_args.error_invoked);
558
559 /* currently it seems ALPN doesn't work in server mode. Just leaving this check out for now. */
560 # ifndef __APPLE__
561 struct aws_byte_buf expected_protocol = aws_byte_buf_from_c_str("h2");
562
563 /* check ALPN and SNI was properly negotiated */
564 if (aws_tls_is_alpn_available()) {
565 ASSERT_BIN_ARRAYS_EQUALS(
566 expected_protocol.buffer,
567 expected_protocol.len,
568 incoming_args.negotiated_protocol.buffer,
569 incoming_args.negotiated_protocol.len);
570 }
571 # endif
572
573 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
574 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
575 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &outgoing_args));
576 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
577 ASSERT_FALSE(outgoing_args.error_invoked);
578
579 /* currently it seems ALPN doesn't work in server mode. Just leaving this check out for now. */
580 # ifndef __MACH__
581 if (aws_tls_is_alpn_available()) {
582 ASSERT_BIN_ARRAYS_EQUALS(
583 expected_protocol.buffer,
584 expected_protocol.len,
585 outgoing_args.negotiated_protocol.buffer,
586 outgoing_args.negotiated_protocol.len);
587 }
588 # endif
589
590 ASSERT_FALSE(outgoing_args.error_invoked);
591
592 /* Do the IO operations */
593 rw_handler_write(outgoing_args.rw_handler, outgoing_args.rw_slot, &write_tag);
594 rw_handler_write(incoming_args.rw_handler, incoming_args.rw_slot, &read_tag);
595 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
596 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
597 &c_tester.condition_variable, &c_tester.mutex, s_tls_test_read_predicate, &incoming_rw_args));
598 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
599 &c_tester.condition_variable, &c_tester.mutex, s_tls_test_read_predicate, &outgoing_rw_args));
600 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
601
602 incoming_rw_args.invocation_happened = false;
603 outgoing_rw_args.invocation_happened = false;
604
605 ASSERT_INT_EQUALS(1, outgoing_rw_args.read_invocations);
606 ASSERT_INT_EQUALS(1, incoming_rw_args.read_invocations);
607
608 /* Go ahead and verify back-pressure works*/
609 rw_handler_trigger_increment_read_window(incoming_args.rw_handler, incoming_args.rw_slot, 100);
610 rw_handler_trigger_increment_read_window(outgoing_args.rw_handler, outgoing_args.rw_slot, 100);
611
612 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
613 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
614 &c_tester.condition_variable, &c_tester.mutex, s_tls_test_read_predicate, &incoming_rw_args));
615 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
616 &c_tester.condition_variable, &c_tester.mutex, s_tls_test_read_predicate, &outgoing_rw_args));
617 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
618
619 ASSERT_INT_EQUALS(2, outgoing_rw_args.read_invocations);
620 ASSERT_INT_EQUALS(2, incoming_rw_args.read_invocations);
621
622 ASSERT_BIN_ARRAYS_EQUALS(
623 write_tag.buffer,
624 write_tag.len,
625 incoming_rw_args.received_message.buffer,
626 incoming_rw_args.received_message.len);
627 ASSERT_BIN_ARRAYS_EQUALS(
628 read_tag.buffer, read_tag.len, outgoing_rw_args.received_message.buffer, outgoing_rw_args.received_message.len);
629
630 aws_channel_shutdown(incoming_args.channel, AWS_OP_SUCCESS);
631 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
632 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
633 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &incoming_args));
634 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
635
636 /*no shutdown on the client necessary here (it should have been triggered by shutting down the other side). just
637 * wait for the event to fire. */
638 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
639 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
640 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &outgoing_args));
641 aws_server_bootstrap_destroy_socket_listener(local_server_tester.server_bootstrap, local_server_tester.listener);
642 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
643 &c_tester.condition_variable, &c_tester.mutex, s_tls_listener_destroy_predicate, &incoming_args));
644 aws_mutex_unlock(&c_tester.mutex);
645 /* clean up */
646 ASSERT_SUCCESS(s_tls_opt_tester_clean_up(&client_tls_opt_tester));
647 aws_client_bootstrap_release(client_bootstrap);
648 ASSERT_SUCCESS(s_tls_local_server_tester_clean_up(&local_server_tester));
649 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
650
651 return AWS_OP_SUCCESS;
652 }
653
654 AWS_TEST_CASE(tls_channel_echo_and_backpressure_test, s_tls_channel_echo_and_backpressure_test_fn)
655
656 struct default_host_callback_data {
657 struct aws_host_address aaaa_address;
658 struct aws_host_address a_address;
659 bool has_aaaa_address;
660 bool has_a_address;
661 struct aws_condition_variable condition_variable;
662 bool invoked;
663 };
664
s_verify_negotiation_fails_helper(struct aws_allocator * allocator,const char * host_name,struct aws_tls_ctx_options * client_ctx_options)665 static int s_verify_negotiation_fails_helper(
666 struct aws_allocator *allocator,
667 const char *host_name,
668 struct aws_tls_ctx_options *client_ctx_options) {
669 struct aws_tls_ctx *client_ctx = aws_tls_client_ctx_new(allocator, client_ctx_options);
670
671 struct aws_tls_connection_options tls_client_conn_options;
672 aws_tls_connection_options_init_from_ctx(&tls_client_conn_options, client_ctx);
673 aws_tls_connection_options_set_callbacks(&tls_client_conn_options, s_tls_on_negotiated, NULL, NULL, NULL);
674 struct aws_byte_cursor host_name_cur = aws_byte_cursor_from_c_str(host_name);
675 aws_tls_connection_options_set_server_name(&tls_client_conn_options, allocator, &host_name_cur);
676
677 struct tls_test_args outgoing_args = {
678 .mutex = &c_tester.mutex,
679 .allocator = allocator,
680 .condition_variable = &c_tester.condition_variable,
681 .error_invoked = false,
682 .expects_error = true,
683 .rw_handler = NULL,
684 .server = false,
685 .tls_levels_negotiated = 0,
686 .desired_tls_levels = 1,
687 .shutdown_finished = false,
688 };
689
690 tls_client_conn_options.user_data = &outgoing_args;
691
692 struct aws_socket_options options;
693 AWS_ZERO_STRUCT(options);
694 /* badssl.com is great but has occasional lags, make this timeout longer so we have a
695 higher chance of actually testing something. */
696 options.connect_timeout_ms = 10000;
697 options.type = AWS_SOCKET_STREAM;
698 options.domain = AWS_SOCKET_IPV4;
699
700 struct aws_client_bootstrap_options bootstrap_options = {
701 .event_loop_group = c_tester.el_group,
702 .host_resolver = c_tester.resolver,
703 };
704 struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options);
705 ASSERT_NOT_NULL(client_bootstrap);
706
707 struct aws_socket_channel_bootstrap_options channel_options;
708 AWS_ZERO_STRUCT(channel_options);
709 channel_options.bootstrap = client_bootstrap;
710 channel_options.host_name = host_name;
711 channel_options.port = 443;
712 channel_options.socket_options = &options;
713 channel_options.tls_options = &tls_client_conn_options;
714 channel_options.setup_callback = s_tls_handler_test_client_setup_callback;
715 channel_options.shutdown_callback = s_tls_handler_test_client_shutdown_callback;
716 channel_options.user_data = &outgoing_args;
717
718 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
719
720 /* put this here to verify ownership semantics are correct. This should NOT cause a segfault. If it does, ya
721 * done messed up. */
722 aws_tls_connection_options_clean_up(&tls_client_conn_options);
723 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
724 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
725 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &outgoing_args));
726 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
727
728 ASSERT_TRUE(outgoing_args.error_invoked);
729
730 /* we're talking to an external internet endpoint, yeah this sucks... we don't know for sure that
731 this failed for the right reasons, but there's not much we can do about it.*/
732 if (outgoing_args.last_error_code != AWS_IO_SOCKET_TIMEOUT) {
733 ASSERT_INT_EQUALS(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE, outgoing_args.last_error_code);
734 } else {
735 fprintf(
736 stderr,
737 "Warning: the connection timed out and we're not completely certain"
738 " that this fails for the right reasons. Maybe run the test again?\n");
739 }
740 aws_client_bootstrap_release(client_bootstrap);
741
742 aws_tls_ctx_release(client_ctx);
743
744 return AWS_OP_SUCCESS;
745 }
746
s_verify_negotiation_fails(struct aws_allocator * allocator,const char * host_name)747 static int s_verify_negotiation_fails(struct aws_allocator *allocator, const char *host_name) {
748
749 aws_io_library_init(allocator);
750
751 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
752
753 struct aws_tls_ctx_options client_ctx_options;
754 aws_tls_ctx_options_init_default_client(&client_ctx_options, allocator);
755
756 ASSERT_SUCCESS(s_verify_negotiation_fails_helper(allocator, host_name, &client_ctx_options));
757
758 aws_tls_ctx_options_clean_up(&client_ctx_options);
759 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
760
761 return AWS_OP_SUCCESS;
762 }
763
s_verify_negotiation_fails_with_ca_override(struct aws_allocator * allocator,const char * host_name,const char * root_ca_path)764 static int s_verify_negotiation_fails_with_ca_override(
765 struct aws_allocator *allocator,
766 const char *host_name,
767 const char *root_ca_path) {
768
769 aws_io_library_init(allocator);
770
771 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
772
773 struct aws_tls_ctx_options client_ctx_options;
774 aws_tls_ctx_options_init_default_client(&client_ctx_options, allocator);
775
776 ASSERT_SUCCESS(aws_tls_ctx_options_override_default_trust_store_from_path(&client_ctx_options, NULL, root_ca_path));
777
778 ASSERT_SUCCESS(s_verify_negotiation_fails_helper(allocator, host_name, &client_ctx_options));
779
780 aws_tls_ctx_options_clean_up(&client_ctx_options);
781 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
782
783 return AWS_OP_SUCCESS;
784 }
785
s_tls_client_channel_negotiation_error_expired_fn(struct aws_allocator * allocator,void * ctx)786 static int s_tls_client_channel_negotiation_error_expired_fn(struct aws_allocator *allocator, void *ctx) {
787 (void)ctx;
788
789 return s_verify_negotiation_fails(allocator, "expired.badssl.com");
790 }
791
AWS_TEST_CASE(tls_client_channel_negotiation_error_expired,s_tls_client_channel_negotiation_error_expired_fn)792 AWS_TEST_CASE(tls_client_channel_negotiation_error_expired, s_tls_client_channel_negotiation_error_expired_fn)
793
794 static int s_tls_client_channel_negotiation_error_wrong_host_fn(struct aws_allocator *allocator, void *ctx) {
795 (void)ctx;
796
797 return s_verify_negotiation_fails(allocator, "wrong.host.badssl.com");
798 }
799
AWS_TEST_CASE(tls_client_channel_negotiation_error_wrong_host,s_tls_client_channel_negotiation_error_wrong_host_fn)800 AWS_TEST_CASE(tls_client_channel_negotiation_error_wrong_host, s_tls_client_channel_negotiation_error_wrong_host_fn)
801
802 static int s_tls_client_channel_negotiation_error_wrong_host_with_ca_override_fn(
803 struct aws_allocator *allocator,
804 void *ctx) {
805 (void)ctx;
806
807 return s_verify_negotiation_fails_with_ca_override(
808 allocator, "wrong.host.badssl.com", "DigiCertGlobalRootCA.crt.pem");
809 }
810
AWS_TEST_CASE(tls_client_channel_negotiation_error_wrong_host_with_ca_override,s_tls_client_channel_negotiation_error_wrong_host_with_ca_override_fn)811 AWS_TEST_CASE(
812 tls_client_channel_negotiation_error_wrong_host_with_ca_override,
813 s_tls_client_channel_negotiation_error_wrong_host_with_ca_override_fn)
814
815 static int s_tls_client_channel_negotiation_error_self_signed_fn(struct aws_allocator *allocator, void *ctx) {
816 (void)ctx;
817
818 return s_verify_negotiation_fails(allocator, "self-signed.badssl.com");
819 }
820
AWS_TEST_CASE(tls_client_channel_negotiation_error_self_signed,s_tls_client_channel_negotiation_error_self_signed_fn)821 AWS_TEST_CASE(tls_client_channel_negotiation_error_self_signed, s_tls_client_channel_negotiation_error_self_signed_fn)
822
823 static int s_tls_client_channel_negotiation_error_untrusted_root_fn(struct aws_allocator *allocator, void *ctx) {
824 (void)ctx;
825
826 return s_verify_negotiation_fails(allocator, "untrusted-root.badssl.com");
827 }
828
829 AWS_TEST_CASE(
830 tls_client_channel_negotiation_error_untrusted_root,
831 s_tls_client_channel_negotiation_error_untrusted_root_fn);
832
833 /* negotiation should fail. www.amazon.com is obviously trusted by the default trust store,
834 * but we've overridden the default trust store */
s_tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override_fn(struct aws_allocator * allocator,void * ctx)835 static int s_tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override_fn(
836 struct aws_allocator *allocator,
837 void *ctx) {
838 (void)ctx;
839
840 return s_verify_negotiation_fails_with_ca_override(allocator, "www.amazon.com", "unittests.crt");
841 }
842
AWS_TEST_CASE(tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override,s_tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override_fn)843 AWS_TEST_CASE(
844 tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override,
845 s_tls_client_channel_negotiation_error_untrusted_root_due_to_ca_override_fn)
846
847 static int s_tls_client_channel_negotiation_error_revoked_fn(struct aws_allocator *allocator, void *ctx) {
848 (void)ctx;
849
850 return s_verify_negotiation_fails(allocator, "revoked.badssl.com");
851 }
852
AWS_TEST_CASE(tls_client_channel_negotiation_error_revoked,s_tls_client_channel_negotiation_error_revoked_fn)853 AWS_TEST_CASE(tls_client_channel_negotiation_error_revoked, s_tls_client_channel_negotiation_error_revoked_fn)
854
855 static int s_tls_client_channel_negotiation_error_pinning_fn(struct aws_allocator *allocator, void *ctx) {
856 (void)ctx;
857
858 return s_verify_negotiation_fails(allocator, "pinning-test.badssl.com");
859 }
860
AWS_TEST_CASE(tls_client_channel_negotiation_error_pinning,s_tls_client_channel_negotiation_error_pinning_fn)861 AWS_TEST_CASE(tls_client_channel_negotiation_error_pinning, s_tls_client_channel_negotiation_error_pinning_fn)
862
863 /* Test that, if the channel shuts down unexpectedly during tls negotiation, that the user code is still notified.
864 * We make this happen by connecting to port 80 on s3 or amazon.com and attempting TLS,
865 * which gets you hung up on after a few seconds */
866 static int s_tls_client_channel_negotiation_error_socket_closed_fn(struct aws_allocator *allocator, void *ctx) {
867 (void)ctx;
868
869 const char *host_name = "aws-crt-test-stuff.s3.amazonaws.com";
870 uint16_t port = 80; /* Note: intentionally wrong and not 443 */
871
872 aws_io_library_init(allocator);
873
874 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
875
876 struct tls_opt_tester client_tls_opt_tester;
877 struct aws_byte_cursor server_name = aws_byte_cursor_from_c_str(host_name);
878 ASSERT_SUCCESS(s_tls_client_opt_tester_init(allocator, &client_tls_opt_tester, server_name));
879 client_tls_opt_tester.opt.timeout_ms = 0; /* disable negotiation timeout for this test */
880
881 struct tls_test_args outgoing_args;
882 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &outgoing_args, false, &c_tester));
883
884 struct aws_socket_options options = {
885 .connect_timeout_ms = 10000, .type = AWS_SOCKET_STREAM, .domain = AWS_SOCKET_IPV4};
886
887 struct aws_client_bootstrap_options bootstrap_options = {
888 .event_loop_group = c_tester.el_group,
889 .host_resolver = c_tester.resolver,
890 };
891 struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options);
892 ASSERT_NOT_NULL(client_bootstrap);
893
894 struct aws_socket_channel_bootstrap_options channel_options;
895 AWS_ZERO_STRUCT(channel_options);
896 channel_options.bootstrap = client_bootstrap;
897 channel_options.host_name = host_name;
898 channel_options.port = port;
899 channel_options.socket_options = &options;
900 channel_options.tls_options = &client_tls_opt_tester.opt;
901 channel_options.setup_callback = s_tls_handler_test_client_setup_callback;
902 channel_options.shutdown_callback = s_tls_handler_test_client_shutdown_callback;
903 channel_options.user_data = &outgoing_args;
904
905 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
906
907 /* Wait for setup to complete */
908 aws_mutex_lock(&c_tester.mutex);
909 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
910 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &outgoing_args));
911
912 /* Assert that setup failed, and that it failed for reasons unrelated to the tls-handler. */
913 ASSERT_INT_EQUALS(0, outgoing_args.tls_levels_negotiated);
914 ASSERT_TRUE(outgoing_args.error_invoked);
915 ASSERT_INT_EQUALS(AWS_IO_SOCKET_CLOSED, outgoing_args.last_error_code);
916
917 aws_mutex_unlock(&c_tester.mutex);
918
919 /* Clean up */
920 aws_client_bootstrap_release(client_bootstrap);
921
922 s_tls_opt_tester_clean_up(&client_tls_opt_tester);
923 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
924
925 return AWS_OP_SUCCESS;
926 }
927
928 AWS_TEST_CASE(
929 tls_client_channel_negotiation_error_socket_closed,
930 s_tls_client_channel_negotiation_error_socket_closed_fn);
931
s_verify_negotiation_succeeds_helper(struct aws_allocator * allocator,const char * host_name,bool verify,const char * ca_file_path)932 static int s_verify_negotiation_succeeds_helper(
933 struct aws_allocator *allocator,
934 const char *host_name,
935 bool verify,
936 const char *ca_file_path) {
937
938 aws_io_library_init(allocator);
939
940 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
941
942 struct tls_test_args outgoing_args = {
943 .mutex = &c_tester.mutex,
944 .allocator = allocator,
945 .condition_variable = &c_tester.condition_variable,
946 .error_invoked = 0,
947 .rw_handler = NULL,
948 .server = false,
949 .tls_levels_negotiated = 0,
950 .desired_tls_levels = 1,
951 .shutdown_finished = false,
952 };
953
954 struct aws_tls_ctx_options client_ctx_options;
955 aws_tls_ctx_options_init_default_client(&client_ctx_options, allocator);
956 aws_tls_ctx_options_set_alpn_list(&client_ctx_options, "http/1.1");
957 aws_tls_ctx_options_set_verify_peer(&client_ctx_options, verify);
958 if (ca_file_path) {
959 ASSERT_SUCCESS(
960 aws_tls_ctx_options_override_default_trust_store_from_path(&client_ctx_options, NULL, ca_file_path));
961 }
962
963 struct aws_tls_ctx *client_ctx = aws_tls_client_ctx_new(allocator, &client_ctx_options);
964
965 struct aws_tls_connection_options tls_client_conn_options;
966 aws_tls_connection_options_init_from_ctx(&tls_client_conn_options, client_ctx);
967 aws_tls_connection_options_set_callbacks(&tls_client_conn_options, s_tls_on_negotiated, NULL, NULL, &outgoing_args);
968
969 struct aws_byte_cursor host_name_cur = aws_byte_cursor_from_c_str(host_name);
970 aws_tls_connection_options_set_server_name(&tls_client_conn_options, allocator, &host_name_cur);
971 aws_tls_connection_options_set_alpn_list(&tls_client_conn_options, allocator, "http/1.1");
972
973 struct aws_socket_options options;
974 AWS_ZERO_STRUCT(options);
975 options.connect_timeout_ms = 10000;
976 options.type = AWS_SOCKET_STREAM;
977 options.domain = AWS_SOCKET_IPV4;
978
979 struct aws_client_bootstrap_options bootstrap_options = {
980 .event_loop_group = c_tester.el_group,
981 .host_resolver = c_tester.resolver,
982 };
983 struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options);
984 ASSERT_NOT_NULL(client_bootstrap);
985
986 struct aws_socket_channel_bootstrap_options channel_options;
987 AWS_ZERO_STRUCT(channel_options);
988 channel_options.bootstrap = client_bootstrap;
989 channel_options.host_name = host_name;
990 channel_options.port = 443;
991 channel_options.socket_options = &options;
992 channel_options.tls_options = &tls_client_conn_options;
993 channel_options.setup_callback = s_tls_handler_test_client_setup_callback;
994 channel_options.shutdown_callback = s_tls_handler_test_client_shutdown_callback;
995 channel_options.user_data = &outgoing_args;
996
997 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
998
999 /* put this here to verify ownership semantics are correct. This should NOT cause a segfault. If it does, ya
1000 * done messed up. */
1001 aws_tls_connection_options_clean_up(&tls_client_conn_options);
1002
1003 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1004 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1005 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &outgoing_args));
1006 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1007
1008 ASSERT_FALSE(outgoing_args.error_invoked);
1009 struct aws_byte_buf expected_protocol = aws_byte_buf_from_c_str("http/1.1");
1010 /* check ALPN and SNI was properly negotiated */
1011
1012 if (aws_tls_is_alpn_available() && verify) {
1013 ASSERT_BIN_ARRAYS_EQUALS(
1014 expected_protocol.buffer,
1015 expected_protocol.len,
1016 outgoing_args.negotiated_protocol.buffer,
1017 outgoing_args.negotiated_protocol.len);
1018 }
1019
1020 ASSERT_BIN_ARRAYS_EQUALS(
1021 host_name, strlen(host_name), outgoing_args.server_name.buffer, outgoing_args.server_name.len);
1022
1023 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1024 aws_channel_shutdown(outgoing_args.channel, AWS_OP_SUCCESS);
1025 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1026 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &outgoing_args));
1027 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1028
1029 aws_client_bootstrap_release(client_bootstrap);
1030
1031 aws_tls_ctx_release(client_ctx);
1032 aws_tls_ctx_options_clean_up(&client_ctx_options);
1033 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
1034
1035 return AWS_OP_SUCCESS;
1036 }
1037
s_verify_negotiation_succeeds(struct aws_allocator * allocator,const char * host_name)1038 static int s_verify_negotiation_succeeds(struct aws_allocator *allocator, const char *host_name) {
1039 return s_verify_negotiation_succeeds_helper(allocator, host_name, true /*verify*/, NULL /*ca*/);
1040 }
1041
s_verify_negotiation_succeeds_no_verify_peer(struct aws_allocator * allocator,const char * host_name)1042 static int s_verify_negotiation_succeeds_no_verify_peer(struct aws_allocator *allocator, const char *host_name) {
1043 return s_verify_negotiation_succeeds_helper(allocator, host_name, false /*verify*/, NULL /*ca*/);
1044 }
1045
s_tls_client_channel_negotiation_success_fn(struct aws_allocator * allocator,void * ctx)1046 static int s_tls_client_channel_negotiation_success_fn(struct aws_allocator *allocator, void *ctx) {
1047 (void)ctx;
1048
1049 return s_verify_negotiation_succeeds(allocator, "www.amazon.com");
1050 }
1051
AWS_TEST_CASE(tls_client_channel_negotiation_success,s_tls_client_channel_negotiation_success_fn)1052 AWS_TEST_CASE(tls_client_channel_negotiation_success, s_tls_client_channel_negotiation_success_fn)
1053
1054 static int s_tls_client_channel_negotiation_success_ecc256_fn(struct aws_allocator *allocator, void *ctx) {
1055 (void)ctx;
1056
1057 return s_verify_negotiation_succeeds(allocator, "ecc256.badssl.com");
1058 }
1059
AWS_TEST_CASE(tls_client_channel_negotiation_success_ecc256,s_tls_client_channel_negotiation_success_ecc256_fn)1060 AWS_TEST_CASE(tls_client_channel_negotiation_success_ecc256, s_tls_client_channel_negotiation_success_ecc256_fn)
1061
1062 static int s_tls_client_channel_negotiation_success_ecc384_fn(struct aws_allocator *allocator, void *ctx) {
1063 (void)ctx;
1064
1065 return s_verify_negotiation_succeeds(allocator, "ecc384.badssl.com");
1066 }
1067
AWS_TEST_CASE(tls_client_channel_negotiation_success_ecc384,s_tls_client_channel_negotiation_success_ecc384_fn)1068 AWS_TEST_CASE(tls_client_channel_negotiation_success_ecc384, s_tls_client_channel_negotiation_success_ecc384_fn)
1069
1070 /* prove that connections complete even when verify_peer is false */
1071 static int s_tls_client_channel_no_verify_fn(struct aws_allocator *allocator, void *ctx) {
1072 (void)ctx;
1073
1074 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "s3.amazonaws.com");
1075 }
AWS_TEST_CASE(tls_client_channel_no_verify,s_tls_client_channel_no_verify_fn)1076 AWS_TEST_CASE(tls_client_channel_no_verify, s_tls_client_channel_no_verify_fn)
1077
1078 /* Check all of the bad tls cases with verify_peer off. Now they should succeed. */
1079
1080 static int s_tls_client_channel_negotiation_no_verify_expired_fn(struct aws_allocator *allocator, void *ctx) {
1081 (void)ctx;
1082
1083 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "expired.badssl.com");
1084 }
1085
AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_expired,s_tls_client_channel_negotiation_no_verify_expired_fn)1086 AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_expired, s_tls_client_channel_negotiation_no_verify_expired_fn)
1087
1088 static int s_tls_client_channel_negotiation_no_verify_wrong_host_fn(struct aws_allocator *allocator, void *ctx) {
1089 (void)ctx;
1090
1091 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "wrong.host.badssl.com");
1092 }
1093
AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_wrong_host,s_tls_client_channel_negotiation_no_verify_wrong_host_fn)1094 AWS_TEST_CASE(
1095 tls_client_channel_negotiation_no_verify_wrong_host,
1096 s_tls_client_channel_negotiation_no_verify_wrong_host_fn)
1097
1098 static int s_tls_client_channel_negotiation_no_verify_self_signed_fn(struct aws_allocator *allocator, void *ctx) {
1099 (void)ctx;
1100
1101 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "self-signed.badssl.com");
1102 }
1103
AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_self_signed,s_tls_client_channel_negotiation_no_verify_self_signed_fn)1104 AWS_TEST_CASE(
1105 tls_client_channel_negotiation_no_verify_self_signed,
1106 s_tls_client_channel_negotiation_no_verify_self_signed_fn)
1107
1108 static int s_tls_client_channel_negotiation_no_verify_untrusted_root_fn(struct aws_allocator *allocator, void *ctx) {
1109 (void)ctx;
1110
1111 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "untrusted-root.badssl.com");
1112 }
1113
AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_untrusted_root,s_tls_client_channel_negotiation_no_verify_untrusted_root_fn)1114 AWS_TEST_CASE(
1115 tls_client_channel_negotiation_no_verify_untrusted_root,
1116 s_tls_client_channel_negotiation_no_verify_untrusted_root_fn)
1117
1118 static int s_tls_client_channel_negotiation_no_verify_revoked_fn(struct aws_allocator *allocator, void *ctx) {
1119 (void)ctx;
1120
1121 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "revoked.badssl.com");
1122 }
1123
AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_revoked,s_tls_client_channel_negotiation_no_verify_revoked_fn)1124 AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_revoked, s_tls_client_channel_negotiation_no_verify_revoked_fn)
1125
1126 static int s_tls_client_channel_negotiation_no_verify_pinning_fn(struct aws_allocator *allocator, void *ctx) {
1127 (void)ctx;
1128
1129 return s_verify_negotiation_succeeds_no_verify_peer(allocator, "pinning-test.badssl.com");
1130 }
1131
AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_pinning,s_tls_client_channel_negotiation_no_verify_pinning_fn)1132 AWS_TEST_CASE(tls_client_channel_negotiation_no_verify_pinning, s_tls_client_channel_negotiation_no_verify_pinning_fn)
1133
1134 static void s_reset_arg_state(struct tls_test_args *setup_test_args) {
1135 setup_test_args->tls_levels_negotiated = 0;
1136 setup_test_args->shutdown_finished = false;
1137 setup_test_args->creation_callback_invoked = false;
1138 setup_test_args->setup_callback_invoked = false;
1139 }
1140
s_tls_server_multiple_connections_fn(struct aws_allocator * allocator,void * ctx)1141 static int s_tls_server_multiple_connections_fn(struct aws_allocator *allocator, void *ctx) {
1142 (void)ctx;
1143
1144 aws_io_library_init(allocator);
1145
1146 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
1147
1148 struct tls_test_args outgoing_args;
1149 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &outgoing_args, false, &c_tester));
1150
1151 struct tls_test_args incoming_args;
1152 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &incoming_args, true, &c_tester));
1153
1154 struct tls_local_server_tester local_server_tester;
1155 ASSERT_SUCCESS(
1156 s_tls_local_server_tester_init(allocator, &local_server_tester, &incoming_args, &c_tester, false, 1));
1157
1158 struct tls_opt_tester client_tls_opt_tester;
1159 struct aws_byte_cursor server_name = aws_byte_cursor_from_c_str("localhost");
1160 ASSERT_SUCCESS(s_tls_client_opt_tester_init(allocator, &client_tls_opt_tester, server_name));
1161 aws_tls_connection_options_set_callbacks(
1162 &client_tls_opt_tester.opt, s_tls_on_negotiated, NULL, NULL, &outgoing_args);
1163
1164 struct aws_client_bootstrap_options bootstrap_options = {
1165 .event_loop_group = c_tester.el_group,
1166 .host_resolver = c_tester.resolver,
1167 };
1168 struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options);
1169
1170 struct aws_socket_channel_bootstrap_options channel_options;
1171 AWS_ZERO_STRUCT(channel_options);
1172 channel_options.bootstrap = client_bootstrap;
1173 channel_options.host_name = local_server_tester.endpoint.address;
1174 channel_options.port = 0;
1175 channel_options.socket_options = &local_server_tester.socket_options;
1176 channel_options.tls_options = &client_tls_opt_tester.opt;
1177 channel_options.setup_callback = s_tls_handler_test_client_setup_callback;
1178 channel_options.shutdown_callback = s_tls_handler_test_client_shutdown_callback;
1179 channel_options.user_data = &outgoing_args;
1180
1181 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
1182
1183 /* wait for both ends to setup */
1184 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1185 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1186 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &incoming_args));
1187 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1188 ASSERT_FALSE(incoming_args.error_invoked);
1189
1190 /* shut down */
1191 aws_channel_shutdown(incoming_args.channel, AWS_OP_SUCCESS);
1192 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1193 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1194 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &incoming_args));
1195 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1196
1197 /* no shutdown on the client necessary here (it should have been triggered by shutting down the other side). just
1198 * wait for the event to fire. */
1199 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1200 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1201 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &outgoing_args));
1202 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1203
1204 /* connect again! */
1205 s_reset_arg_state(&outgoing_args);
1206 s_reset_arg_state(&incoming_args);
1207
1208 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
1209
1210 /* wait for both ends to setup */
1211 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1212 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1213 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &incoming_args));
1214 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1215 ASSERT_FALSE(incoming_args.error_invoked);
1216
1217 /* shut down */
1218 aws_channel_shutdown(incoming_args.channel, AWS_OP_SUCCESS);
1219 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1220 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1221 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &incoming_args));
1222 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1223
1224 /*no shutdown on the client necessary here (it should have been triggered by shutting down the other side). just
1225 * wait for the event to fire. */
1226 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1227 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1228 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &outgoing_args));
1229 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1230 aws_server_bootstrap_destroy_socket_listener(local_server_tester.server_bootstrap, local_server_tester.listener);
1231 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1232 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1233 &c_tester.condition_variable, &c_tester.mutex, s_tls_listener_destroy_predicate, &incoming_args));
1234 aws_mutex_unlock(&c_tester.mutex);
1235
1236 /* clean up */
1237 ASSERT_SUCCESS(s_tls_opt_tester_clean_up(&client_tls_opt_tester));
1238 aws_client_bootstrap_release(client_bootstrap);
1239 ASSERT_SUCCESS(s_tls_local_server_tester_clean_up(&local_server_tester));
1240 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
1241
1242 return AWS_OP_SUCCESS;
1243 }
1244 AWS_TEST_CASE(tls_server_multiple_connections, s_tls_server_multiple_connections_fn)
1245
1246 struct shutdown_listener_tester {
1247 struct aws_socket *listener;
1248 struct aws_server_bootstrap *server_bootstrap;
1249 struct tls_test_args *outgoing_args; /* client args */
1250 struct aws_socket client_socket;
1251 };
1252
s_client_socket_closed_predicate(void * user_data)1253 static bool s_client_socket_closed_predicate(void *user_data) {
1254 struct tls_test_args *args = user_data;
1255 return args->shutdown_finished;
1256 }
1257
s_close_client_socket_task(struct aws_task * task,void * arg,enum aws_task_status status)1258 static void s_close_client_socket_task(struct aws_task *task, void *arg, enum aws_task_status status) {
1259 (void)status;
1260 struct shutdown_listener_tester *tester = arg;
1261
1262 /* Free task memory */
1263 aws_mem_release(tester->outgoing_args->allocator, task);
1264
1265 /* Close socket and notify */
1266 AWS_FATAL_ASSERT(aws_socket_close(&tester->client_socket) == AWS_OP_SUCCESS);
1267
1268 AWS_FATAL_ASSERT(aws_mutex_lock(tester->outgoing_args->mutex) == AWS_OP_SUCCESS);
1269 tester->outgoing_args->shutdown_finished = true;
1270 AWS_FATAL_ASSERT(aws_mutex_unlock(tester->outgoing_args->mutex) == AWS_OP_SUCCESS);
1271 AWS_FATAL_ASSERT(aws_condition_variable_notify_one(tester->outgoing_args->condition_variable) == AWS_OP_SUCCESS);
1272 }
1273
s_on_client_connected_do_hangup(struct aws_socket * socket,int error_code,void * user_data)1274 static void s_on_client_connected_do_hangup(struct aws_socket *socket, int error_code, void *user_data) {
1275 AWS_FATAL_ASSERT(error_code == 0);
1276 struct shutdown_listener_tester *tester = user_data;
1277 tester->client_socket = *socket;
1278
1279 /* wait 1 sec so server side has time to setup the channel, then close the socket */
1280 uint64_t run_at_ns;
1281 aws_event_loop_current_clock_time(socket->event_loop, &run_at_ns);
1282 run_at_ns += aws_timestamp_convert(1, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL);
1283 struct aws_task *close_client_socket_task =
1284 aws_mem_acquire(tester->outgoing_args->allocator, sizeof(struct aws_task));
1285 aws_task_init(close_client_socket_task, s_close_client_socket_task, tester, "wait_close_client_socket");
1286 aws_event_loop_schedule_task_future(socket->event_loop, close_client_socket_task, run_at_ns);
1287 }
1288
1289 /* Test that server can handle a hangup in the middle of TLS negotiation */
s_tls_server_hangup_during_negotiation_fn(struct aws_allocator * allocator,void * ctx)1290 static int s_tls_server_hangup_during_negotiation_fn(struct aws_allocator *allocator, void *ctx) {
1291 (void)ctx;
1292
1293 aws_io_library_init(allocator);
1294
1295 ASSERT_SUCCESS(s_tls_common_tester_init(allocator, &c_tester));
1296
1297 struct tls_test_args outgoing_args;
1298 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &outgoing_args, false, &c_tester));
1299
1300 struct tls_test_args incoming_args;
1301 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &incoming_args, true, &c_tester));
1302
1303 struct tls_local_server_tester local_server_tester;
1304 ASSERT_SUCCESS(
1305 s_tls_local_server_tester_init(allocator, &local_server_tester, &incoming_args, &c_tester, false, 1));
1306
1307 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1308
1309 struct shutdown_listener_tester *shutdown_tester =
1310 aws_mem_acquire(allocator, sizeof(struct shutdown_listener_tester));
1311 shutdown_tester->server_bootstrap = local_server_tester.server_bootstrap;
1312 shutdown_tester->listener = local_server_tester.listener;
1313 shutdown_tester->outgoing_args = &outgoing_args;
1314
1315 /* Use a raw aws_socket for the client, instead of a full-blown TLS channel.
1316 * This lets us hang up on the server, instead of automatically going through with proper TLS negotiation */
1317 ASSERT_SUCCESS(aws_socket_init(&shutdown_tester->client_socket, allocator, &local_server_tester.socket_options));
1318
1319 /* Upon connecting, immediately close the socket */
1320 ASSERT_SUCCESS(aws_socket_connect(
1321 &shutdown_tester->client_socket,
1322 &local_server_tester.endpoint,
1323 aws_event_loop_group_get_next_loop(c_tester.el_group),
1324 s_on_client_connected_do_hangup,
1325 shutdown_tester));
1326
1327 /* Wait for client socket to close */
1328 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1329 &c_tester.condition_variable, &c_tester.mutex, s_client_socket_closed_predicate, &outgoing_args));
1330
1331 /* Destroy listener socket and wait for shutdown to complete */
1332 aws_server_bootstrap_destroy_socket_listener(shutdown_tester->server_bootstrap, shutdown_tester->listener);
1333
1334 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1335 &c_tester.condition_variable, &c_tester.mutex, s_tls_listener_destroy_predicate, &incoming_args));
1336
1337 ASSERT_SUCCESS(aws_mutex_unlock(&c_tester.mutex));
1338 /* clean up */
1339 aws_socket_clean_up(&shutdown_tester->client_socket);
1340 aws_mem_release(allocator, shutdown_tester);
1341 /* cannot double free the listener */
1342 ASSERT_SUCCESS(s_tls_opt_tester_clean_up(&local_server_tester.server_tls_opt_tester));
1343 aws_server_bootstrap_release(local_server_tester.server_bootstrap);
1344 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
1345
1346 return AWS_OP_SUCCESS;
1347 }
AWS_TEST_CASE(tls_server_hangup_during_negotiation,s_tls_server_hangup_during_negotiation_fn)1348 AWS_TEST_CASE(tls_server_hangup_during_negotiation, s_tls_server_hangup_during_negotiation_fn)
1349
1350 static void s_creation_callback_test_channel_creation_callback(
1351 struct aws_client_bootstrap *bootstrap,
1352 int error_code,
1353 struct aws_channel *channel,
1354 void *user_data) {
1355
1356 (void)bootstrap;
1357 (void)error_code;
1358
1359 struct tls_test_args *setup_test_args = (struct tls_test_args *)user_data;
1360
1361 setup_test_args->creation_callback_invoked = true;
1362 setup_test_args->channel = channel;
1363
1364 struct aws_crt_statistics_handler *stats_handler = aws_statistics_handler_new_test(bootstrap->allocator);
1365 aws_atomic_store_ptr(&c_tester.stats_handler, stats_handler);
1366
1367 aws_channel_set_statistics_handler(channel, stats_handler);
1368 }
1369
s_default_new_event_loop(struct aws_allocator * allocator,const struct aws_event_loop_options * options,void * user_data)1370 static struct aws_event_loop *s_default_new_event_loop(
1371 struct aws_allocator *allocator,
1372 const struct aws_event_loop_options *options,
1373 void *user_data) {
1374
1375 (void)user_data;
1376 return aws_event_loop_new_default_with_options(allocator, options);
1377 }
1378
s_statistic_test_clock_fn(uint64_t * timestamp)1379 static int s_statistic_test_clock_fn(uint64_t *timestamp) {
1380 *timestamp = aws_atomic_load_int(&c_tester.current_time_ns);
1381
1382 return AWS_OP_SUCCESS;
1383 }
1384
s_tls_common_tester_statistics_init(struct aws_allocator * allocator,struct tls_common_tester * tester)1385 static int s_tls_common_tester_statistics_init(struct aws_allocator *allocator, struct tls_common_tester *tester) {
1386
1387 aws_io_library_init(allocator);
1388
1389 AWS_ZERO_STRUCT(*tester);
1390
1391 struct aws_mutex mutex = AWS_MUTEX_INIT;
1392 struct aws_condition_variable condition_variable = AWS_CONDITION_VARIABLE_INIT;
1393 tester->mutex = mutex;
1394 tester->condition_variable = condition_variable;
1395 aws_atomic_store_int(&tester->current_time_ns, 0);
1396 aws_atomic_store_ptr(&tester->stats_handler, NULL);
1397
1398 tester->el_group =
1399 aws_event_loop_group_new(allocator, s_statistic_test_clock_fn, 1, s_default_new_event_loop, NULL, NULL);
1400
1401 struct aws_host_resolver_default_options resolver_options = {
1402 .el_group = tester->el_group,
1403 .max_entries = 1,
1404 };
1405 tester->resolver = aws_host_resolver_new_default(allocator, &resolver_options);
1406
1407 return AWS_OP_SUCCESS;
1408 }
1409
s_stats_processed_predicate(void * user_data)1410 static bool s_stats_processed_predicate(void *user_data) {
1411 struct aws_crt_statistics_handler *stats_handler = user_data;
1412 struct aws_statistics_handler_test_impl *stats_impl = stats_handler->impl;
1413
1414 return stats_impl->total_bytes_read > 0 && stats_impl->total_bytes_written > 0 &&
1415 stats_impl->tls_status != AWS_TLS_NEGOTIATION_STATUS_NONE;
1416 }
1417
s_tls_channel_statistics_test(struct aws_allocator * allocator,void * ctx)1418 static int s_tls_channel_statistics_test(struct aws_allocator *allocator, void *ctx) {
1419 (void)ctx;
1420 aws_io_library_init(allocator);
1421
1422 ASSERT_SUCCESS(s_tls_common_tester_statistics_init(allocator, &c_tester));
1423
1424 struct aws_byte_buf read_tag = aws_byte_buf_from_c_str("This is some data.");
1425 struct aws_byte_buf write_tag = aws_byte_buf_from_c_str("Created from a blend of heirloom and cider apples");
1426
1427 uint8_t incoming_received_message[128] = {0};
1428 uint8_t outgoing_received_message[128] = {0};
1429
1430 struct tls_test_rw_args incoming_rw_args;
1431 ASSERT_SUCCESS(s_tls_rw_args_init(
1432 &incoming_rw_args,
1433 &c_tester,
1434 aws_byte_buf_from_empty_array(incoming_received_message, sizeof(incoming_received_message))));
1435
1436 struct tls_test_rw_args outgoing_rw_args;
1437 ASSERT_SUCCESS(s_tls_rw_args_init(
1438 &outgoing_rw_args,
1439 &c_tester,
1440 aws_byte_buf_from_empty_array(outgoing_received_message, sizeof(outgoing_received_message))));
1441
1442 struct tls_test_args outgoing_args;
1443 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &outgoing_args, false, &c_tester));
1444
1445 struct tls_test_args incoming_args;
1446 ASSERT_SUCCESS(s_tls_test_arg_init(allocator, &incoming_args, true, &c_tester));
1447
1448 struct tls_local_server_tester local_server_tester;
1449 ASSERT_SUCCESS(
1450 s_tls_local_server_tester_init(allocator, &local_server_tester, &incoming_args, &c_tester, false, 1));
1451
1452 struct aws_channel_handler *outgoing_rw_handler =
1453 rw_handler_new(allocator, s_tls_test_handle_read, s_tls_test_handle_write, true, 10000, &outgoing_rw_args);
1454 ASSERT_NOT_NULL(outgoing_rw_handler);
1455
1456 struct aws_channel_handler *incoming_rw_handler =
1457 rw_handler_new(allocator, s_tls_test_handle_read, s_tls_test_handle_write, true, 10000, &incoming_rw_args);
1458 ASSERT_NOT_NULL(incoming_rw_handler);
1459
1460 incoming_args.rw_handler = incoming_rw_handler;
1461 outgoing_args.rw_handler = outgoing_rw_handler;
1462
1463 struct tls_opt_tester client_tls_opt_tester;
1464 struct aws_byte_cursor server_name = aws_byte_cursor_from_c_str("localhost");
1465 ASSERT_SUCCESS(s_tls_client_opt_tester_init(allocator, &client_tls_opt_tester, server_name));
1466 aws_tls_connection_options_set_callbacks(
1467 &client_tls_opt_tester.opt, s_tls_on_negotiated, NULL, NULL, &outgoing_args);
1468
1469 struct aws_client_bootstrap_options bootstrap_options;
1470 AWS_ZERO_STRUCT(bootstrap_options);
1471 bootstrap_options.event_loop_group = c_tester.el_group;
1472 bootstrap_options.host_resolver = c_tester.resolver;
1473
1474 struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options);
1475
1476 ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex));
1477
1478 struct aws_socket_channel_bootstrap_options channel_options;
1479 AWS_ZERO_STRUCT(channel_options);
1480 channel_options.bootstrap = client_bootstrap;
1481 channel_options.host_name = local_server_tester.endpoint.address;
1482 channel_options.port = 0;
1483 channel_options.socket_options = &local_server_tester.socket_options;
1484 channel_options.tls_options = &client_tls_opt_tester.opt;
1485 channel_options.creation_callback = s_creation_callback_test_channel_creation_callback;
1486 channel_options.setup_callback = s_tls_handler_test_client_setup_callback;
1487 channel_options.shutdown_callback = s_tls_handler_test_client_shutdown_callback;
1488 channel_options.user_data = &outgoing_args;
1489
1490 ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&channel_options));
1491
1492 /* put this here to verify ownership semantics are correct. This should NOT cause a segfault. If it does, ya
1493 * done messed up. */
1494 aws_tls_connection_options_clean_up(&client_tls_opt_tester.opt);
1495 /* wait for both ends to setup */
1496 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1497 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &incoming_args));
1498 ASSERT_FALSE(incoming_args.error_invoked);
1499
1500 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1501 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_setup_predicate, &outgoing_args));
1502 ASSERT_FALSE(outgoing_args.error_invoked);
1503
1504 ASSERT_TRUE(outgoing_args.creation_callback_invoked);
1505
1506 /* Do the IO operations */
1507 rw_handler_write(outgoing_args.rw_handler, outgoing_args.rw_slot, &write_tag);
1508 rw_handler_write(incoming_args.rw_handler, incoming_args.rw_slot, &read_tag);
1509
1510 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1511 &c_tester.condition_variable, &c_tester.mutex, s_tls_test_read_predicate, &incoming_rw_args));
1512 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1513 &c_tester.condition_variable, &c_tester.mutex, s_tls_test_read_predicate, &outgoing_rw_args));
1514
1515 uint64_t ms_to_ns = aws_timestamp_convert(1, AWS_TIMESTAMP_MILLIS, AWS_TIMESTAMP_NANOS, NULL);
1516
1517 aws_atomic_store_int(&c_tester.current_time_ns, (size_t)ms_to_ns);
1518
1519 struct aws_crt_statistics_handler *stats_handler = aws_atomic_load_ptr(&c_tester.stats_handler);
1520 struct aws_statistics_handler_test_impl *stats_impl = stats_handler->impl;
1521
1522 aws_mutex_lock(&stats_impl->lock);
1523
1524 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1525 &stats_impl->signal, &stats_impl->lock, s_stats_processed_predicate, stats_handler));
1526
1527 ASSERT_TRUE(stats_impl->total_bytes_read >= read_tag.len);
1528 ASSERT_TRUE(stats_impl->total_bytes_written >= write_tag.len);
1529 ASSERT_TRUE(stats_impl->tls_status == AWS_TLS_NEGOTIATION_STATUS_SUCCESS);
1530
1531 aws_mutex_unlock(&stats_impl->lock);
1532
1533 aws_channel_shutdown(incoming_args.channel, AWS_OP_SUCCESS);
1534 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1535 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &incoming_args));
1536
1537 /*no shutdown on the client necessary here (it should have been triggered by shutting down the other side). just
1538 * wait for the event to fire. */
1539 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1540 &c_tester.condition_variable, &c_tester.mutex, s_tls_channel_shutdown_predicate, &outgoing_args));
1541 aws_server_bootstrap_destroy_socket_listener(local_server_tester.server_bootstrap, local_server_tester.listener);
1542 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1543 &c_tester.condition_variable, &c_tester.mutex, s_tls_listener_destroy_predicate, &incoming_args));
1544 aws_mutex_unlock(&c_tester.mutex);
1545 /* clean up */
1546 ASSERT_SUCCESS(s_tls_opt_tester_clean_up(&client_tls_opt_tester));
1547 ASSERT_SUCCESS(s_tls_local_server_tester_clean_up(&local_server_tester));
1548 aws_client_bootstrap_release(client_bootstrap);
1549 ASSERT_SUCCESS(s_tls_common_tester_clean_up(&c_tester));
1550
1551 return AWS_OP_SUCCESS;
1552 }
1553
1554 AWS_TEST_CASE(tls_channel_statistics_test, s_tls_channel_statistics_test)
1555
1556 ///////////////////////////////////////////////////////////////
1557
1558 struct channel_stat_test_context {
1559 struct aws_allocator *allocator;
1560 struct tls_opt_tester *tls_tester;
1561 struct aws_mutex lock;
1562 struct aws_condition_variable signal;
1563 bool setup_completed;
1564 bool shutdown_completed;
1565 int error_code;
1566 };
1567
s_channel_setup_stat_test_context_init(struct channel_stat_test_context * context,struct aws_allocator * allocator,struct tls_opt_tester * tls_tester)1568 static void s_channel_setup_stat_test_context_init(
1569 struct channel_stat_test_context *context,
1570 struct aws_allocator *allocator,
1571 struct tls_opt_tester *tls_tester) {
1572
1573 AWS_ZERO_STRUCT(*context);
1574 aws_mutex_init(&context->lock);
1575 aws_condition_variable_init(&context->signal);
1576 context->allocator = allocator;
1577 context->tls_tester = tls_tester;
1578 }
1579
s_channel_setup_stat_test_context_clean_up(struct channel_stat_test_context * context)1580 static void s_channel_setup_stat_test_context_clean_up(struct channel_stat_test_context *context) {
1581 aws_mutex_clean_up(&context->lock);
1582 aws_condition_variable_clean_up(&context->signal);
1583 }
1584
s_dummy_process_message(struct aws_channel_handler * handler,struct aws_channel_slot * slot,struct aws_io_message * message)1585 static int s_dummy_process_message(
1586 struct aws_channel_handler *handler,
1587 struct aws_channel_slot *slot,
1588 struct aws_io_message *message) {
1589 (void)handler;
1590 (void)slot;
1591
1592 aws_mem_release(message->allocator, message);
1593 return AWS_OP_SUCCESS;
1594 }
1595
s_dummy_increment_read_window(struct aws_channel_handler * handler,struct aws_channel_slot * slot,size_t size)1596 static int s_dummy_increment_read_window(
1597 struct aws_channel_handler *handler,
1598 struct aws_channel_slot *slot,
1599 size_t size) {
1600 (void)handler;
1601 (void)slot;
1602 (void)size;
1603
1604 return AWS_OP_SUCCESS;
1605 }
1606
s_dummy_shutdown(struct aws_channel_handler * handler,struct aws_channel_slot * slot,enum aws_channel_direction dir,int error_code,bool free_scarce_resources_immediately)1607 static int s_dummy_shutdown(
1608 struct aws_channel_handler *handler,
1609 struct aws_channel_slot *slot,
1610 enum aws_channel_direction dir,
1611 int error_code,
1612 bool free_scarce_resources_immediately) {
1613
1614 (void)handler;
1615 return aws_channel_slot_on_handler_shutdown_complete(slot, dir, error_code, free_scarce_resources_immediately);
1616 }
1617
s_dummy_initial_window_size(struct aws_channel_handler * handler)1618 static size_t s_dummy_initial_window_size(struct aws_channel_handler *handler) {
1619 (void)handler;
1620
1621 return 10000;
1622 }
1623
s_dummy_message_overhead(struct aws_channel_handler * handler)1624 static size_t s_dummy_message_overhead(struct aws_channel_handler *handler) {
1625 (void)handler;
1626
1627 return 0;
1628 }
1629
s_dummy_destroy(struct aws_channel_handler * handler)1630 static void s_dummy_destroy(struct aws_channel_handler *handler) {
1631 aws_mem_release(handler->alloc, handler);
1632 }
1633
1634 static struct aws_channel_handler_vtable s_dummy_handler_vtable = {
1635 .process_read_message = s_dummy_process_message,
1636 .process_write_message = s_dummy_process_message,
1637 .increment_read_window = s_dummy_increment_read_window,
1638 .shutdown = s_dummy_shutdown,
1639 .initial_window_size = s_dummy_initial_window_size,
1640 .message_overhead = s_dummy_message_overhead,
1641 .destroy = s_dummy_destroy,
1642 };
1643
aws_channel_handler_new_dummy(struct aws_allocator * allocator)1644 static struct aws_channel_handler *aws_channel_handler_new_dummy(struct aws_allocator *allocator) {
1645 struct aws_channel_handler *handler = aws_mem_acquire(allocator, sizeof(struct aws_channel_handler));
1646 handler->alloc = allocator;
1647 handler->vtable = &s_dummy_handler_vtable;
1648 handler->impl = NULL;
1649
1650 return handler;
1651 }
1652
s_setup_completed_predicate(void * arg)1653 static bool s_setup_completed_predicate(void *arg) {
1654 struct channel_stat_test_context *context = (struct channel_stat_test_context *)arg;
1655 return context->setup_completed;
1656 }
1657
s_shutdown_completed_predicate(void * arg)1658 static bool s_shutdown_completed_predicate(void *arg) {
1659 struct channel_stat_test_context *context = (struct channel_stat_test_context *)arg;
1660 return context->shutdown_completed;
1661 }
1662
s_on_shutdown_completed(struct aws_channel * channel,int error_code,void * user_data)1663 static void s_on_shutdown_completed(struct aws_channel *channel, int error_code, void *user_data) {
1664 (void)channel;
1665 struct channel_stat_test_context *context = (struct channel_stat_test_context *)user_data;
1666
1667 aws_mutex_lock(&context->lock);
1668 context->shutdown_completed = true;
1669 context->error_code = error_code;
1670 aws_mutex_unlock(&context->lock);
1671
1672 aws_condition_variable_notify_one(&context->signal);
1673 }
1674
1675 static const int s_tls_timeout_ms = 1000;
1676
s_on_setup_completed(struct aws_channel * channel,int error_code,void * user_data)1677 static void s_on_setup_completed(struct aws_channel *channel, int error_code, void *user_data) {
1678 (void)channel;
1679 struct channel_stat_test_context *context = (struct channel_stat_test_context *)user_data;
1680
1681 /* attach a dummy channel handler */
1682 struct aws_channel_slot *dummy_slot = aws_channel_slot_new(channel);
1683
1684 struct aws_channel_handler *dummy_handler = aws_channel_handler_new_dummy(context->allocator);
1685 aws_channel_slot_set_handler(dummy_slot, dummy_handler);
1686
1687 /* attach a tls channel handler and start negotiation */
1688 aws_channel_setup_client_tls(dummy_slot, &context->tls_tester->opt);
1689
1690 aws_mutex_lock(&context->lock);
1691 context->error_code = error_code;
1692 context->setup_completed = true;
1693 aws_mutex_unlock(&context->lock);
1694 aws_condition_variable_notify_one(&context->signal);
1695 }
1696
s_test_tls_negotiation_timeout(struct aws_allocator * allocator,void * ctx)1697 static int s_test_tls_negotiation_timeout(struct aws_allocator *allocator, void *ctx) {
1698 (void)ctx;
1699 aws_io_library_init(allocator);
1700
1701 struct aws_event_loop *event_loop = aws_event_loop_new_default(allocator, aws_high_res_clock_get_ticks);
1702
1703 ASSERT_SUCCESS(aws_event_loop_run(event_loop));
1704
1705 struct tls_opt_tester tls_test_context;
1706 s_tls_client_opt_tester_init(allocator, &tls_test_context, aws_byte_cursor_from_c_str("derp.com"));
1707 tls_test_context.opt.timeout_ms = s_tls_timeout_ms;
1708
1709 struct channel_stat_test_context channel_context;
1710 s_channel_setup_stat_test_context_init(&channel_context, allocator, &tls_test_context);
1711
1712 struct aws_channel_options args = {
1713 .on_setup_completed = s_on_setup_completed,
1714 .setup_user_data = &channel_context,
1715 .on_shutdown_completed = s_on_shutdown_completed,
1716 .shutdown_user_data = &channel_context,
1717 .event_loop = event_loop,
1718 };
1719
1720 /* set up the channel */
1721 ASSERT_SUCCESS(aws_mutex_lock(&channel_context.lock));
1722 struct aws_channel *channel = aws_channel_new(allocator, &args);
1723 ASSERT_NOT_NULL(channel);
1724 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1725 &channel_context.signal, &channel_context.lock, s_setup_completed_predicate, &channel_context));
1726 aws_mutex_unlock(&channel_context.lock);
1727
1728 /* wait for the timeout */
1729 aws_thread_current_sleep(aws_timestamp_convert(s_tls_timeout_ms, AWS_TIMESTAMP_MILLIS, AWS_TIMESTAMP_NANOS, NULL));
1730
1731 aws_mutex_lock(&channel_context.lock);
1732 ASSERT_SUCCESS(aws_condition_variable_wait_pred(
1733 &channel_context.signal, &channel_context.lock, s_shutdown_completed_predicate, &channel_context));
1734
1735 ASSERT_TRUE(channel_context.error_code == AWS_IO_TLS_NEGOTIATION_TIMEOUT);
1736
1737 aws_mutex_unlock(&channel_context.lock);
1738
1739 aws_channel_destroy(channel);
1740 aws_event_loop_destroy(event_loop);
1741
1742 s_tls_opt_tester_clean_up(&tls_test_context);
1743
1744 s_channel_setup_stat_test_context_clean_up(&channel_context);
1745
1746 aws_io_library_clean_up();
1747
1748 return AWS_OP_SUCCESS;
1749 }
1750
1751 AWS_TEST_CASE(test_tls_negotiation_timeout, s_test_tls_negotiation_timeout)
1752
1753 struct import_info {
1754 struct aws_allocator *allocator;
1755 struct aws_byte_buf cert_buf;
1756 struct aws_byte_buf key_buf;
1757 struct aws_thread thread;
1758 struct aws_tls_ctx *tls;
1759 };
1760
s_import_cert(void * ctx)1761 static void s_import_cert(void *ctx) {
1762 (void)ctx;
1763 # if !defined(AWS_OS_IOS)
1764 struct import_info *import = ctx;
1765 struct aws_byte_cursor cert_cur = aws_byte_cursor_from_buf(&import->cert_buf);
1766 struct aws_byte_cursor key_cur = aws_byte_cursor_from_buf(&import->key_buf);
1767 struct aws_tls_ctx_options tls_options = {0};
1768 AWS_FATAL_ASSERT(
1769 AWS_OP_SUCCESS == aws_tls_ctx_options_init_client_mtls(&tls_options, import->allocator, &cert_cur, &key_cur));
1770
1771 /* import happens in here */
1772 import->tls = aws_tls_client_ctx_new(import->allocator, &tls_options);
1773 AWS_FATAL_ASSERT(import->tls);
1774
1775 aws_tls_ctx_options_clean_up(&tls_options);
1776 # endif /* !AWS_OS_IOS */
1777 }
1778
1779 # define NUM_PAIRS 1
s_test_concurrent_cert_import(struct aws_allocator * allocator,void * ctx)1780 static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void *ctx) {
1781 (void)ctx;
1782 /* temporarily disable this on apple until we can fix importing to be more robust */
1783 /* temporarily disable this on linux until we can make CRYPTO_zalloc behave and stop angering ASan */
1784 # if defined(__APPLE__) || defined(__linux__)
1785 return AWS_OP_SUCCESS;
1786 # endif
1787
1788 aws_io_library_init(allocator);
1789
1790 AWS_VARIABLE_LENGTH_ARRAY(struct import_info, imports, NUM_PAIRS);
1791
1792 /* setup, note that all I/O should be before the threads are launched */
1793 for (size_t idx = 0; idx < NUM_PAIRS; ++idx) {
1794 struct import_info *import = &imports[idx];
1795 import->allocator = allocator;
1796
1797 char filename[1024];
1798 sprintf(filename, "testcert%u.pem", (uint32_t)idx);
1799 ASSERT_SUCCESS(aws_byte_buf_init_from_file(&import->cert_buf, import->allocator, filename));
1800
1801 sprintf(filename, "testkey.pem");
1802 ASSERT_SUCCESS(aws_byte_buf_init_from_file(&import->key_buf, import->allocator, filename));
1803
1804 struct aws_thread *thread = &import->thread;
1805 ASSERT_SUCCESS(aws_thread_init(thread, allocator));
1806 }
1807
1808 /* run threads */
1809 const struct aws_thread_options *options = aws_default_thread_options();
1810 for (size_t idx = 0; idx < NUM_PAIRS; ++idx) {
1811 struct import_info *import = &imports[idx];
1812 struct aws_thread *thread = &import->thread;
1813 ASSERT_SUCCESS(aws_thread_launch(thread, s_import_cert, import, options));
1814 }
1815
1816 /* join and clean up */
1817 for (size_t idx = 0; idx < NUM_PAIRS; ++idx) {
1818 struct import_info *import = &imports[idx];
1819 struct aws_thread *thread = &import->thread;
1820 ASSERT_SUCCESS(aws_thread_join(thread));
1821 aws_tls_ctx_release(import->tls);
1822 aws_byte_buf_clean_up(&import->cert_buf);
1823 aws_byte_buf_clean_up(&import->key_buf);
1824 }
1825
1826 aws_io_library_clean_up();
1827
1828 return AWS_OP_SUCCESS;
1829 }
1830
AWS_TEST_CASE(test_concurrent_cert_import,s_test_concurrent_cert_import)1831 AWS_TEST_CASE(test_concurrent_cert_import, s_test_concurrent_cert_import)
1832
1833 static int s_tls_destroy_null_context(struct aws_allocator *allocator, void *ctx) {
1834 (void)allocator;
1835 (void)ctx;
1836
1837 struct aws_tls_ctx *null_context = NULL;
1838
1839 /* Verify that we don't crash. */
1840 aws_tls_ctx_release(null_context);
1841
1842 return AWS_OP_SUCCESS;
1843 }
1844 AWS_TEST_CASE(tls_destroy_null_context, s_tls_destroy_null_context);
1845
s_test_ecc_cert_import(struct aws_allocator * allocator,void * ctx)1846 static int s_test_ecc_cert_import(struct aws_allocator *allocator, void *ctx) {
1847 (void)ctx;
1848 (void)allocator;
1849
1850 # ifndef AWS_OS_APPLE
1851 aws_io_library_init(allocator);
1852
1853 struct aws_byte_buf cert_buf;
1854 struct aws_byte_buf key_buf;
1855
1856 ASSERT_SUCCESS(aws_byte_buf_init_from_file(&cert_buf, allocator, "ecc-cert.pem"));
1857 ASSERT_SUCCESS(aws_byte_buf_init_from_file(&key_buf, allocator, "ecc-key.pem"));
1858
1859 struct aws_byte_cursor cert_cur = aws_byte_cursor_from_buf(&cert_buf);
1860 struct aws_byte_cursor key_cur = aws_byte_cursor_from_buf(&key_buf);
1861 struct aws_tls_ctx_options tls_options = {0};
1862 AWS_FATAL_ASSERT(
1863 AWS_OP_SUCCESS == aws_tls_ctx_options_init_client_mtls(&tls_options, allocator, &cert_cur, &key_cur));
1864
1865 /* import happens in here */
1866 struct aws_tls_ctx *tls_context = aws_tls_client_ctx_new(allocator, &tls_options);
1867 ASSERT_NOT_NULL(tls_context);
1868
1869 aws_tls_ctx_release(tls_context);
1870
1871 aws_tls_ctx_options_clean_up(&tls_options);
1872
1873 aws_byte_buf_clean_up(&cert_buf);
1874 aws_byte_buf_clean_up(&key_buf);
1875
1876 aws_io_library_clean_up();
1877 # endif /* AWS_OS_APPLE */
1878
1879 return AWS_OP_SUCCESS;
1880 }
1881
1882 AWS_TEST_CASE(test_ecc_cert_import, s_test_ecc_cert_import)
1883
1884 #endif /* BYO_CRYPTO */
1885