wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 00:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

test: tls13_early_data: refactor splitEarlyData test option

Browse Source
This commit is contained in:
Marco Oliverio
2025-12-02 11:02:12 +01:00
parent 57282140a9
commit 609e30a69c
1 changed files with 129 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

254
tests/api/test_tls13.c
View File

@@ -2011,164 +2011,168 @@ int test_tls13_early_data(void)
method_provider server_meth;
const char* tls_version;
int isUdp;
int splitEarlyData;
} params[] = {
#ifdef WOLFSSL_TLS13
{ wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
"TLS 1.3", 0 },
"TLS 1.3", 0, 0 },
{ wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
"TLS 1.3", 0, 1 },
#endif
#ifdef WOLFSSL_DTLS13
{ wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
"DTLS 1.3", 1 },
"DTLS 1.3", 1, 0 },
{ wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
"DTLS 1.3", 1, 1 },
#endif
};
for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) {
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
WOLFSSL_SESSION *sess = NULL;
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
WOLFSSL_SESSION *sess = NULL;
int splitEarlyData = params[i].splitEarlyData;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
&ssl_s, params[i].client_meth, params[i].server_meth), 0);
/* Get a ticket so that we can do 0-RTT on the next connection */
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* Make sure we read the ticket */
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
wolfSSL_free(ssl_c);
ssl_c = NULL;
wolfSSL_free(ssl_s);
ssl_s = NULL;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
&ssl_s, params[i].client_meth, params[i].server_meth), 0);
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
/* Get a ticket so that we can do 0-RTT on the next connection */
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* Make sure we read the ticket */
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
wolfSSL_free(ssl_c);
ssl_c = NULL;
wolfSSL_free(ssl_s);
ssl_s = NULL;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
&ssl_s, params[i].client_meth, params[i].server_meth), 0);
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_DTLS13
if (params[i].isUdp) {
wolfSSL_SetLoggingPrefix("server");
if (params[i].isUdp) {
wolfSSL_SetLoggingPrefix("server");
#ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1),
WOLFSSL_SUCCESS);
#else
/* Let's test this but we generally don't recommend turning off
* the cookie exchange */
ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
/* Let's test this but we generally don't recommend turning off
* the cookie exchange */
ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
#endif
}
}
#endif
/* Test 0-RTT data */
wolfSSL_SetLoggingPrefix("client");
/* Test 0-RTT data */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
&written), sizeof(msg));
ExpectIntEQ(written, sizeof(msg));
if (splitEarlyData) {
ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
&written), sizeof(msg));
ExpectIntEQ(written, sizeof(msg));
}
if (splitEarlyData) {
ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
&written), sizeof(msg));
ExpectIntEQ(written, sizeof(msg));
}
/* Read first 0-RTT data (if split otherwise entire data) */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
&read), sizeof(msg));
ExpectIntEQ(read, sizeof(msg));
ExpectStrEQ(msg, msgBuf);
/* Read first 0-RTT data (if split otherwise entire data) */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
&read), sizeof(msg));
/* Test 0.5-RTT data */
ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
if (splitEarlyData) {
/* Read second 0-RTT data */
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
sizeof(msgBuf), &read), sizeof(msg));
ExpectIntEQ(read, sizeof(msg));
ExpectStrEQ(msg, msgBuf);
}
/* Test 0.5-RTT data */
ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
if (splitEarlyData) {
/* Read second 0-RTT data */
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
sizeof(msgBuf), &read), sizeof(msg));
ExpectIntEQ(read, sizeof(msg));
ExpectStrEQ(msg, msgBuf);
}
if (params[i].isUdp) {
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
WC_NO_ERR_TRACE(APP_DATA_READY));
/* Read server 0.5-RTT data */
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
sizeof(msg4));
ExpectStrEQ(msg4, msgBuf);
/* Complete handshake */
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
WOLFSSL_ERROR_WANT_READ);
/* Use wolfSSL_is_init_finished to check if handshake is
* complete. Normally a user would loop until it is true but
* here we control both sides so we just assert the expected
* value. wolfSSL_read_early_data does not provide handshake
* status to us with non-blocking IO and we can't use
* wolfSSL_accept as TLS layer may return ZERO_RETURN due to
* early data parsing logic. */
wolfSSL_SetLoggingPrefix("server");
ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
sizeof(msgBuf), &read), 0);
ExpectIntEQ(read, 0);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
}
else {
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
wolfSSL_SetLoggingPrefix("server");
ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
sizeof(msgBuf), &read), 0);
ExpectIntEQ(read, 0);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
/* Read server 0.5-RTT data */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
sizeof(msg4));
ExpectStrEQ(msg4, msgBuf);
}
/* Test bi-directional write */
if (params[i].isUdp) {
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
WC_NO_ERR_TRACE(APP_DATA_READY));
/* Read server 0.5-RTT data */
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
sizeof(msg4));
ExpectStrEQ(msg4, msgBuf);
/* Complete handshake */
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
WOLFSSL_ERROR_WANT_READ);
/* Use wolfSSL_is_init_finished to check if handshake is
* complete. Normally a user would loop until it is true but
* here we control both sides so we just assert the expected
* value. wolfSSL_read_early_data does not provide handshake
* status to us with non-blocking IO and we can't use
* wolfSSL_accept as TLS layer may return ZERO_RETURN due to
* early data parsing logic. */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)),
sizeof(msg2));
ExpectStrEQ(msg2, msgBuf);
ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
sizeof(msgBuf), &read), 0);
ExpectIntEQ(read, 0);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
}
else {
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
wolfSSL_SetLoggingPrefix("server");
ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
sizeof(msgBuf), &read), 0);
ExpectIntEQ(read, 0);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
/* Read server 0.5-RTT data */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
sizeof(msg3));
ExpectStrEQ(msg3, msgBuf);
wolfSSL_SetLoggingPrefix(NULL);
ExpectTrue(wolfSSL_session_reused(ssl_c));
ExpectTrue(wolfSSL_session_reused(ssl_s));
wolfSSL_SESSION_free(sess);
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c);
wolfSSL_CTX_free(ctx_s);
sizeof(msg4));
ExpectStrEQ(msg4, msgBuf);
}
/* Test bi-directional write */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)),
sizeof(msg2));
ExpectStrEQ(msg2, msgBuf);
ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
sizeof(msg3));
ExpectStrEQ(msg3, msgBuf);
wolfSSL_SetLoggingPrefix(NULL);
ExpectTrue(wolfSSL_session_reused(ssl_c));
ExpectTrue(wolfSSL_session_reused(ssl_s));
wolfSSL_SESSION_free(sess);
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c);
wolfSSL_CTX_free(ctx_s);
}
#endif
return EXPECT_RESULT();