Simplify 0-RTT tests. Add an earlyData and earlyDataRejected flag to configure the standard 0-RTT test options. It's too tedious otherwise. Along the way, I added an -expect-cipher flag to a few of the tests which could do with them. This does cause most 0-RTT tests to exchange a quick burst of data, so a few more fuzzer mode suppressions are needed. I think that's probably fine. Maybe we should mess with fuzzer mode so it's able to trial decrypt as this is getting a little tedious. Change-Id: Ib6490fe006d91294aab1a06d88f7793c6ae840c8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43086 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 55f9c38..ebdfeaf 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc
@@ -613,8 +613,7 @@ } } - uint16_t cipher_id = - static_cast<uint16_t>(SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))); + uint16_t cipher_id = SSL_CIPHER_get_protocol_id(SSL_get_current_cipher(ssl)); if (config->expect_cipher_aes != 0 && EVP_has_aes_hardware() && static_cast<uint16_t>(config->expect_cipher_aes) != cipher_id) { @@ -631,6 +630,13 @@ return false; } + if (config->expect_cipher != 0 && + static_cast<uint16_t>(config->expect_cipher) != cipher_id) { + fprintf(stderr, "Cipher ID was %04x, wanted %04x\n", cipher_id, + static_cast<uint16_t>(config->expect_cipher)); + return false; + } + // The early data status is only applicable after the handshake is confirmed. if (!SSL_in_early_data(ssl)) { if ((config->expect_accept_early_data && !SSL_early_data_accepted(ssl)) ||
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json index 384b1db..3e03a9b 100644 --- a/ssl/test/runner/fuzzer_mode.json +++ b/ssl/test/runner/fuzzer_mode.json
@@ -34,9 +34,10 @@ "SkipEarlyData*": "Trial decryption does not work with the NULL cipher.", "EarlyDataChannelID-OfferBoth-Server-*": "Trial decryption does not work with the NULL cipher.", + "EarlyDataChannelID-AcceptChannelID-Client-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-NonZeroRTTSession-Server-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-SkipEndOfEarlyData-*": "Trial decryption does not work with the NULL cipher.", - "EarlyData-ALPNMismatch-Server-*": "Trial decryption does not work with the NULL cipher.", + "EarlyData-ALPNMismatch-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-ALPNOmitted1-Client-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-ALPNOmitted2-Client-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-ALPNOmitted1-Server-*": "Trial decryption does not work with the NULL cipher.", @@ -45,6 +46,7 @@ "EarlyData-Reject*-Client*": "Trial decryption does not work with the NULL cipher.", "CustomExtensions-Server-EarlyDataOffered": "Trial decryption does not work with the NULL cipher.", "*-TicketAgeSkew-*-Reject*": "Trial decryption does not work with the NULL cipher.", + "*EarlyDataRejected*": "Trial decryption does not work with the NULL cipher.", "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.",
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 4baf901..0f34287 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go
@@ -663,6 +663,18 @@ // skipQUICALPNConfig, if true, will skip automatic configuration of // sending a fake ALPN when protocol == quic. skipQUICALPNConfig bool + // earlyData, if true, configures default settings for an early data test. + // expectEarlyDataRejected controls whether the test is for early data + // accept or reject. In a client test, the shim will be configured to send + // an initial write in early data which, on accept, the runner will enforce. + // In a server test, the runner will send some default message in early + // data, which the shim is expected to echo in half-RTT. + earlyData bool + // expectEarlyDataRejected, if earlyData is true, is whether early data is + // expected to be rejected. In a client test, this controls whether the shim + // should retry for early rejection. In a server test, this is whether the + // test expects the shim to reject early data. + expectEarlyDataRejected bool } var testCases []testCase @@ -1307,6 +1319,49 @@ } } + if test.earlyData { + if !test.resumeSession { + panic("earlyData set without resumeSession in " + test.name) + } + + resumeConfig := test.resumeConfig + if resumeConfig == nil { + resumeConfig = &test.config + } + if test.expectEarlyDataRejected { + flags = append(flags, "-on-resume-expect-reject-early-data") + } else { + flags = append(flags, "-on-resume-expect-accept-early-data") + } + + flags = append(flags, "-enable-early-data") + if test.testType == clientTest { + // Configure the runner with default maximum early data. + flags = append(flags, "-expect-ticket-supports-early-data") + if test.config.MaxEarlyDataSize == 0 { + test.config.MaxEarlyDataSize = 16384 + } + if resumeConfig.MaxEarlyDataSize == 0 { + resumeConfig.MaxEarlyDataSize = 16384 + } + + // Configure the shim to send some data in early data. + flags = append(flags, "-on-resume-shim-writes-first") + if resumeConfig.Bugs.ExpectEarlyData == nil { + resumeConfig.Bugs.ExpectEarlyData = [][]byte{[]byte("hello")} + } + } else { + // By default, send some early data and expect half-RTT data response. + if resumeConfig.Bugs.SendEarlyData == nil { + resumeConfig.Bugs.SendEarlyData = [][]byte{{1, 2, 3, 4}} + } + if resumeConfig.Bugs.ExpectHalfRTTData == nil { + resumeConfig.Bugs.ExpectHalfRTTData = [][]byte{{254, 253, 252, 251}} + } + resumeConfig.Bugs.ExpectEarlyDataAccepted = !test.expectEarlyDataRejected + } + } + var resumeCount int if test.resumeSession { resumeCount++ @@ -4690,12 +4745,7 @@ }, resumeShimPrefix: "llo", resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-shim-writes-first", - }, + earlyData: true, }) } @@ -4707,26 +4757,16 @@ testType: clientTest, name: "TLS13-EarlyData-UnfinishedWrite-Client", config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, Bugs: ProtocolBugs{ + ExpectEarlyData: [][]byte{}, ExpectLateEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-read-with-unfinished-write", - "-on-resume-shim-writes-first", - }, + earlyData: true, + flags: []string{"-on-resume-read-with-unfinished-write"}, }) // Rejected unfinished writes are discarded (from the @@ -4736,26 +4776,16 @@ testType: clientTest, name: "TLS13-EarlyData-RejectUnfinishedWrite-Client", config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-read-with-unfinished-write", - "-on-resume-shim-writes-first", - }, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, + flags: []string{"-on-resume-read-with-unfinished-write"}, }) } @@ -4774,10 +4804,7 @@ }, messageCount: 2, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":TOO_MUCH_READ_EARLY_DATA:", }) @@ -5287,102 +5314,80 @@ testType: testType, name: "EarlyData-RejectTicket-Client-Reverify" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, resumeConfig: &Config{ MaxVersion: vers.version, - MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", // Session tickets are disabled, so the runner will not send a ticket. "-on-retry-expect-no-session", - "-expect-reject-early-data", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-Reject0RTT-Client-Reverify" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - expectResumeRejected: false, + resumeSession: true, + expectResumeRejected: false, + earlyData: true, + expectEarlyDataRejected: true, flags: append([]string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-RejectTicket-Client-ReverifyFails" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, resumeConfig: &Config{ MaxVersion: vers.version, - MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - resumeSession: true, - expectResumeRejected: true, - shouldFail: true, - expectedError: ":CERTIFICATE_VERIFY_FAILED:", + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, + shouldFail: true, + expectedError: ":CERTIFICATE_VERIFY_FAILED:", flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", // Session tickets are disabled, so the runner will not send a ticket. "-on-retry-expect-no-session", "-on-retry-verify-fail", - "-expect-reject-early-data", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-Reject0RTT-Client-ReverifyFails" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - expectResumeRejected: false, - shouldFail: true, - expectedError: ":CERTIFICATE_VERIFY_FAILED:", - expectedLocalError: verifyFailLocalError, + resumeSession: true, + expectResumeRejected: false, + earlyData: true, + expectEarlyDataRejected: true, + shouldFail: true, + expectedError: ":CERTIFICATE_VERIFY_FAILED:", + expectedLocalError: verifyFailLocalError, flags: append([]string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", "-on-retry-verify-fail", }, flags...), }) @@ -5391,50 +5396,29 @@ testType: testType, name: "EarlyData-Accept0RTT-Client-Reverify" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{[]byte("hello")}, - }, - }, - resumeSession: true, - expectResumeRejected: false, + resumeSession: true, + earlyData: true, flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-Accept0RTT-Client-ReverifyFails" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{[]byte("hello")}, - }, + MaxVersion: vers.version, }, resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":CERTIFICATE_VERIFY_FAILED:", // We do not set expectedLocalError here because the shim rejects // the connection without an alert. flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", "-on-resume-verify-fail", - "-on-resume-shim-writes-first", }, flags...), }) } @@ -7339,12 +7323,10 @@ TokenBindingParams: []byte{2}, TokenBindingVersion: maxTokenBindingVersion, ExpectTokenBindingParams: []byte{2, 1, 0}, - MaxEarlyDataSize: 16384, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), }, @@ -7359,19 +7341,17 @@ MaxVersion: ver.version, TokenBindingParams: []byte{0, 1, 2}, TokenBindingVersion: maxTokenBindingVersion, - MaxEarlyDataSize: 16384, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, expectations: connectionExpectations{ tokenBinding: true, tokenBindingParam: 2, }, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), - "-expect-reject-early-data", "-on-retry-expect-early-data-reason", "token_binding", }, }) @@ -10450,14 +10430,11 @@ testCases = append(testCases, testCase{ name: "NoEarlyKeyingMaterial-Client-InEarlyData-" + vers.name, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", "-on-resume-export-keying-material", "1024", "-on-resume-export-label", "label", "-on-resume-export-context", "context", @@ -10473,16 +10450,19 @@ config: Config{ MaxVersion: vers.version, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{}, - ExpectEarlyDataAccepted: true, + // The shim writes exported data immediately after + // the handshake returns, so disable the built-in + // early data test. + SendEarlyData: [][]byte{}, + ExpectHalfRTTData: [][]byte{}, }, }, resumeSession: true, + earlyData: true, exportKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", useExportContext: true, - flags: []string{"-enable-early-data"}, }) } } @@ -11500,20 +11480,14 @@ config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 70 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + SendTicketAge: 70 * time.Second, }, }, resumeSession: true, + earlyData: true, flags: []string{ "-resumption-delay", "10", "-expect-ticket-age-skew", "60", - // 0-RTT is accepted. - "-enable-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-expect-early-data-reason", "accept", }, }) testCases = append(testCases, testCase{ @@ -11522,20 +11496,14 @@ config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 10 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + SendTicketAge: 10 * time.Second, }, }, resumeSession: true, + earlyData: true, flags: []string{ "-resumption-delay", "70", "-expect-ticket-age-skew", "-60", - // 0-RTT is accepted. - "-enable-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-expect-early-data-reason", "accept", }, }) @@ -11546,18 +11514,15 @@ config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 71 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, + SendTicketAge: 71 * time.Second, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-resumption-delay", "10", "-expect-ticket-age-skew", "61", - // 0-RTT is rejected. - "-enable-early-data", - "-expect-reject-early-data", "-on-resume-expect-early-data-reason", "ticket_age_skew", }, }) @@ -11567,18 +11532,15 @@ config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 10 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, + SendTicketAge: 10 * time.Second, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-resumption-delay", "71", "-expect-ticket-age-skew", "-61", - // 0-RTT is rejected. - "-enable-early-data", - "-expect-reject-early-data", "-on-resume-expect-early-data-reason", "ticket_age_skew", }, }) @@ -11945,14 +11907,13 @@ MaxVersion: VersionTLS13, }, resumeConfig: &Config{ + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ PartialEndOfEarlyDataWithClientHello: true, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, }, }, resumeSession: true, - flags: []string{"-enable-early-data"}, + earlyData: true, shouldFail: true, expectedError: ":EXCESS_HANDSHAKE_DATA:", }) @@ -12529,15 +12490,8 @@ config: Config{ MaxVersion: VersionTLS13, }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - }, - }, resumeSession: true, - flags: []string{"-enable-early-data"}, + earlyData: true, }, }) } @@ -12774,26 +12728,14 @@ testType: clientTest, name: "EarlyData-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, - }, + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-on-initial-expect-early-data-reason", "no_session_offered", - "-on-resume-expect-accept-early-data", "-on-resume-expect-early-data-reason", "accept", - "-on-resume-shim-writes-first", }, }) @@ -12801,22 +12743,18 @@ testType: clientTest, name: "EarlyData-Reject-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", "-on-retry-expect-early-data-reason", "peer_declined", }, }) @@ -12827,18 +12765,12 @@ config: Config{ MaxVersion: VersionTLS13, MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, }, messageCount: 2, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", "-on-initial-expect-early-data-reason", "no_session_offered", - "-on-resume-expect-accept-early-data", "-on-resume-expect-early-data-reason", "accept", }, }) @@ -12852,17 +12784,13 @@ MaxVersion: VersionTLS13, MinVersion: VersionTLS13, Bugs: ProtocolBugs{ - UseFirstSessionTicket: true, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + UseFirstSessionTicket: true, }, }, messageCount: 2, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", "-on-resume-expect-early-data-reason", "accept", }, }) @@ -13458,28 +13386,25 @@ }, }) - // Test the client handles 0-RTT being rejected by a full handshake. + // Test the client handles 0-RTT being rejected by a full handshake + // and correctly reports a certificate change. testCases = append(testCases, testCase{ testType: clientTest, name: "EarlyData-RejectTicket-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{rsaCertificate}, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaCertificate}, }, resumeConfig: &Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, Certificates: []Certificate{ecdsaP256Certificate}, SessionTicketsDisabled: true, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", "-on-retry-expect-early-data-reason", "session_not_resumed", // Test the peer certificate is reported correctly in each of the // three logical connections. @@ -13499,8 +13424,6 @@ MaxVersion: VersionTLS13, MinVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, // Corrupt the ticket. FilterTicket: func(in []byte) ([]byte, error) { in[len(in)-1] ^= 1 @@ -13508,12 +13431,12 @@ }, }, }, - messageCount: 2, - resumeSession: true, - expectResumeRejected: true, + messageCount: 2, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-reject-early-data", "-on-resume-expect-early-data-reason", "session_not_resumed", }, }) @@ -13523,21 +13446,18 @@ testType: clientTest, name: "EarlyData-HRR-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", "-on-retry-expect-early-data-reason", "hello_retry_request", }, }) @@ -13551,16 +13471,12 @@ MinVersion: VersionTLS13, // Require a HelloRetryRequest for every curve. DefaultCurves: []CurveID{}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - messageCount: 2, - resumeSession: true, + messageCount: 2, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-reject-early-data", "-on-resume-expect-early-data-reason", "hello_retry_request", }, }) @@ -13571,25 +13487,22 @@ testType: clientTest, name: "EarlyData-HRR-RejectTicket-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{rsaCertificate}, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaCertificate}, }, resumeConfig: &Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, Certificates: []Certificate{ecdsaP256Certificate}, SessionTicketsDisabled: true, Bugs: ProtocolBugs{ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, }, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client sees HelloRetryRequest before the resumption result, // though neither value is inherently preferable. "-on-retry-expect-early-data-reason", "hello_retry_request", @@ -13613,8 +13526,6 @@ // Require a HelloRetryRequest for every curve. DefaultCurves: []CurveID{}, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, // Corrupt the ticket. FilterTicket: func(in []byte) ([]byte, error) { in[len(in)-1] ^= 1 @@ -13622,12 +13533,12 @@ }, }, }, - messageCount: 2, - resumeSession: true, - expectResumeRejected: true, + messageCount: 2, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-reject-early-data", // The server sees the missed resumption before HelloRetryRequest, // though neither value is inherently preferable. "-on-resume-expect-early-data-reason", "session_not_resumed", @@ -13651,10 +13562,7 @@ }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION:", }) @@ -13665,17 +13573,13 @@ testType: clientTest, name: "EarlyDataVersionDowngrade-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ MaxVersion: VersionTLS12, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":WRONG_VERSION_ON_EARLY_DATA:", }) @@ -13686,25 +13590,21 @@ testType: clientTest, name: "ServerAcceptsEarlyDataOnHRR-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, SendEarlyDataExtension: true, }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - }, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", + earlyData: true, + // The client will first process an early data reject from the HRR. + expectEarlyDataRejected: true, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", }) testCases = append(testCases, testCase{ @@ -13777,25 +13677,22 @@ testType: clientTest, name: "EarlyData-ALPNMismatch-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ALPNProtocol: &fooString, }, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ALPNProtocol: &barString, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client does not learn ALPN was the cause. "-on-retry-expect-early-data-reason", "peer_declined", // In the 0-RTT state, we surface the predicted ALPN. After @@ -13812,20 +13709,17 @@ testType: clientTest, name: "EarlyData-ALPNOmitted1-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client does not learn ALPN was the cause. "-on-retry-expect-early-data-reason", "peer_declined", // In the 0-RTT state, we surface the predicted ALPN. After @@ -13833,7 +13727,6 @@ "-on-initial-expect-alpn", "", "-on-resume-expect-alpn", "", "-on-retry-expect-alpn", "foo", - "-on-resume-shim-writes-first", }, }) @@ -13843,20 +13736,17 @@ testType: clientTest, name: "EarlyData-ALPNOmitted2-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client does not learn ALPN was the cause. "-on-retry-expect-early-data-reason", "peer_declined", // In the 0-RTT state, we surface the predicted ALPN. After @@ -13864,7 +13754,6 @@ "-on-initial-expect-alpn", "foo", "-on-resume-expect-alpn", "foo", "-on-retry-expect-alpn", "", - "-on-resume-shim-writes-first", }, }) @@ -13873,25 +13762,22 @@ testType: clientTest, name: "EarlyData-BadALPNMismatch-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ALPNProtocol: &fooString, }, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ AlwaysAcceptEarlyData: true, ALPNProtocol: &barString, }, }, resumeSession: true, + earlyData: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", "-on-initial-expect-alpn", "foo", "-on-resume-expect-alpn", "foo", "-on-retry-expect-alpn", "bar", @@ -13960,6 +13846,8 @@ }, }, resumeSession: true, + // This test configures early data manually instead of the earlyData + // option, to customize the -enable-early-data flag. flags: []string{ "-on-resume-enable-early-data", "-expect-reject-early-data", @@ -13969,7 +13857,7 @@ }) // Test that we reject early data where ALPN is omitted from the first - // connection. + // connection, but negotiated in the second. testCases = append(testCases, testCase{ testType: serverTest, name: "EarlyData-ALPNOmitted1-Server-TLS13", @@ -13980,14 +13868,11 @@ resumeConfig: &Config{ MaxVersion: VersionTLS13, NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", "-on-initial-select-alpn", "", "-on-resume-select-alpn", "foo", "-on-resume-expect-early-data-reason", "alpn_mismatch", @@ -13995,7 +13880,7 @@ }) // Test that we reject early data where ALPN is omitted from the second - // connection. + // connection, but negotiated in the first. testCases = append(testCases, testCase{ testType: serverTest, name: "EarlyData-ALPNOmitted2-Server-TLS13", @@ -14006,14 +13891,11 @@ resumeConfig: &Config{ MaxVersion: VersionTLS13, NextProtos: []string{}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", "-on-initial-select-alpn", "foo", "-on-resume-select-alpn", "", "-on-resume-expect-early-data-reason", "alpn_mismatch", @@ -14031,14 +13913,11 @@ resumeConfig: &Config{ MaxVersion: VersionTLS13, NextProtos: []string{"bar"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", "-on-initial-select-alpn", "foo", "-on-resume-select-alpn", "bar", "-on-resume-expect-early-data-reason", "alpn_mismatch", @@ -14052,10 +13931,10 @@ name: "EarlyDataChannelID-AcceptBoth-Client-TLS13", config: Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, RequestChannelID: true, }, resumeSession: true, + earlyData: true, expectations: connectionExpectations{ channelID: true, }, @@ -14063,8 +13942,6 @@ expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", expectedLocalError: "remote error: illegal parameter", flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), }, }) @@ -14076,21 +13953,19 @@ name: "EarlyDataChannelID-AcceptChannelID-Client-TLS13", config: Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, RequestChannelID: true, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, expectations: connectionExpectations{ channelID: true, }, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-expect-reject-early-data", // The client never learns the reason was Channel ID. "-on-retry-expect-early-data-reason", "peer_declined", }, @@ -14102,16 +13977,12 @@ testType: clientTest, name: "EarlyDataChannelID-AcceptEarlyData-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-on-resume-expect-accept-early-data", - "-on-resume-expect-early-data-reason", "accept", }, }) @@ -14123,18 +13994,14 @@ config: Config{ MaxVersion: VersionTLS13, ChannelID: channelIDKey, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, expectations: connectionExpectations{ channelID: true, }, flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", "-expect-channel-id", base64.StdEncoding.EncodeToString(channelIDBytes), "-on-resume-expect-early-data-reason", "channel_id", @@ -14148,25 +14015,19 @@ name: "EarlyDataChannelID-OfferEarlyData-Server-TLS13", config: Config{ MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, }, resumeSession: true, + earlyData: true, expectations: connectionExpectations{ channelID: false, }, flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", "-enable-channel-id", "-on-resume-expect-early-data-reason", "accept", }, }) - // Test that the server rejects 0-RTT streams without end_of_early_data. + // Test that the server errors on 0-RTT streams without end_of_early_data. // The subsequent records should fail to decrypt. testCases = append(testCases, testCase{ testType: serverTest, @@ -14174,18 +14035,18 @@ config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - SkipEndOfEarlyData: true, + SkipEndOfEarlyData: true, }, }, resumeSession: true, - flags: []string{"-enable-early-data"}, + earlyData: true, shouldFail: true, expectedLocalError: "remote error: bad record MAC", expectedError: ":BAD_DECRYPT:", }) + // Test that the server errors on 0-RTT streams with a stray handshake + // message in them. testCases = append(testCases, testCase{ testType: serverTest, name: "EarlyData-UnexpectedHandshake-Server-TLS13", @@ -14195,18 +14056,14 @@ resumeConfig: &Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, SendStrayEarlyHandshake: true, - ExpectEarlyDataAccepted: true, }, }, resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":UNEXPECTED_MESSAGE:", expectedLocalError: "remote error: unexpected message", - flags: []string{ - "-enable-early-data", - }, }) // Test that the client reports TLS 1.3 as the version while sending @@ -14215,14 +14072,11 @@ testType: clientTest, name: "EarlyData-Client-VersionAPI-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", "-expect-version", strconv.Itoa(VersionTLS13), }, }) @@ -14233,22 +14087,16 @@ testType: clientTest, name: "EarlyData-Client-BadFinished-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ BadFinished: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - }, + resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":DIGEST_CHECK_FAILED:", expectedLocalError: "remote error: error decrypting message", @@ -14262,17 +14110,11 @@ resumeConfig: &Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - BadFinished: true, + BadFinished: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", - }, + resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":DIGEST_CHECK_FAILED:", expectedLocalError: "remote error: error decrypting message", @@ -14287,17 +14129,11 @@ resumeConfig: &Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - NonEmptyEndOfEarlyData: true, + NonEmptyEndOfEarlyData: true, }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":DECODE_ERROR:", }) @@ -14400,36 +14236,36 @@ testType: clientTest, name: "EarlyData-Reject0RTT-DifferentPRF-Client", config: Config{ - MaxVersion: VersionTLS13, - CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-shim-writes-first", + "-on-initial-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + // The client initially reports the old cipher suite while sending + // early data. After processing the 0-RTT reject, it reports the + // true cipher suite. + "-on-resume-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + "-on-retry-expect-cipher", strconv.Itoa(int(TLS_AES_256_GCM_SHA384)), }, }) testCases = append(testCases, testCase{ testType: clientTest, name: "EarlyData-Reject0RTT-DifferentPRF-HRR-Client", config: Config{ - MaxVersion: VersionTLS13, - CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, // P-384 requires a HelloRetryRequest against BoringSSL's default // configuration. Assert this with ExpectMissingKeyShare. CurvePreferences: []CurveID{CurveP384}, @@ -14437,13 +14273,17 @@ ExpectMissingKeyShare: true, }, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-shim-writes-first", + "-on-initial-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + // The client initially reports the old cipher suite while sending + // early data. After processing the 0-RTT reject, it reports the + // true cipher suite. + "-on-resume-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + "-on-retry-expect-cipher", strconv.Itoa(int(TLS_AES_256_GCM_SHA384)), }, }) @@ -14452,23 +14292,18 @@ testType: clientTest, name: "EarlyData-CipherMismatch-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256}, Bugs: ProtocolBugs{ AlwaysAcceptEarlyData: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, + resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":CIPHER_MISMATCH_ON_EARLY_DATA:", expectedLocalError: "remote error: illegal parameter", @@ -15211,18 +15046,12 @@ config: Config{ MaxVersion: VersionTLS13, MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, }, messageCount: 2, resumeSession: true, + earlyData: true, flags: []string{ "-async", - "-enable-early-data", - "-on-resume-expect-accept-early-data", "-no-op-extra-handshake", }, })
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 062a43a..e015466 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc
@@ -217,6 +217,7 @@ {"-max-cert-list", &TestConfig::max_cert_list}, {"-expect-cipher-aes", &TestConfig::expect_cipher_aes}, {"-expect-cipher-no-aes", &TestConfig::expect_cipher_no_aes}, + {"-expect-cipher", &TestConfig::expect_cipher}, {"-resumption-delay", &TestConfig::resumption_delay}, {"-max-send-fragment", &TestConfig::max_send_fragment}, {"-read-size", &TestConfig::read_size},
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index f424f8b..8fe439e 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h
@@ -137,6 +137,7 @@ bool use_exporter_between_reads = false; int expect_cipher_aes = 0; int expect_cipher_no_aes = 0; + int expect_cipher = 0; std::string expect_peer_cert_file; int resumption_delay = 0; bool retain_only_sha256_client_cert = false;