}
/*
- * Test that a server attempting to read early data can handle a connection
- * from a client where the early data is not acceptable.
+ * Helper function to test that a server attempting to read early data can
+ * handle a connection from a client where the early data should be skipped.
*/
-static int test_early_data_skip(int idx)
+static int early_data_skip_helper(int hrr, int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
&serverssl, &sess, idx)))
goto end;
- /*
- * Deliberately corrupt the creation time. We take 20 seconds off the time.
- * It could be any value as long as it is not within tolerance. This should
- * mean the ticket is rejected.
- */
- if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
- goto end;
+ if (hrr) {
+ /* Force an HRR to occur */
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+ goto end;
+ } else {
+ /*
+ * Deliberately corrupt the creation time. We take 20 seconds off the
+ * time. It could be any value as long as it is not within tolerance.
+ * This should mean the ticket is rejected.
+ */
+ if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
+ goto end;
+ }
/* Write some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
SSL_EARLY_DATA_REJECTED))
goto end;
+ if (hrr) {
+ /*
+ * Finish off the handshake. We perform the same writes and reads as
+ * further down but we expect them to fail due to the incomplete
+ * handshake.
+ */
+ if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
+ || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
+ &readbytes)))
+ goto end;
+ }
+
/* Should be able to send normal data despite rejection of early data */
if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
|| !TEST_size_t_eq(written, strlen(MSG2))
return testresult;
}
+/*
+ * Test that a server attempting to read early data can handle a connection
+ * from a client where the early data is not acceptable.
+ */
+static int test_early_data_skip(int idx)
+{
+ return early_data_skip_helper(0, idx);
+}
+
+/*
+ * Test that a server attempting to read early data can handle a connection
+ * from a client where an HRR occurs.
+ */
+static int test_early_data_skip_hrr(int idx)
+{
+ return early_data_skip_helper(1, idx);
+}
+
/*
* Test that a server attempting to read early data can handle a connection
* from a client that doesn't send any.
const unsigned char key[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
};
int testresult = 0;
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_early_data_read_write, 2);
ADD_ALL_TESTS(test_early_data_skip, 2);
+ ADD_ALL_TESTS(test_early_data_skip_hrr, 2);
ADD_ALL_TESTS(test_early_data_not_sent, 2);
ADD_ALL_TESTS(test_early_data_not_expected, 2);
# ifndef OPENSSL_NO_TLS1_2