Early data is time sensitive. We have an approx 8 second allowance between
writing the early data and reading it. If we exceed that time tests will
fail. This can sometimes (rarely) occur in normal CI operation. We can try
and detect this and just ignore the result of such test failures if the test
has taken too long. We assume anything over 7 seconds is too long.
This is a partial fix for #22605
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23966)
SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c
INCLUDE[sslapitest]=../include ../apps/include ..
SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c
INCLUDE[sslapitest]=../include ../apps/include ..
- DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a
+ DEPEND[sslapitest]=../libcrypto.a ../libssl.a libtestutil.a
SOURCE[ssl_handshake_rtt_test]=ssl_handshake_rtt_test.c helpers/ssltestlib.c
INCLUDE[ssl_handshake_rtt_test]=../include ../apps/include ..
SOURCE[ssl_handshake_rtt_test]=ssl_handshake_rtt_test.c helpers/ssltestlib.c
INCLUDE[ssl_handshake_rtt_test]=../include ../apps/include ..
+static int check_early_data_timeout(OSSL_TIME timer)
+{
+ int res = 0;
+
+ /*
+ * Early data is time sensitive. We have an approx 8 second allowance
+ * between writing the early data and reading it. If we exceed that time
+ * then this test will fail. This can sometimes (rarely) occur in normal CI
+ * operation. We can try and detect this and just ignore the result of this
+ * test if it has taken too long. We assume anything over 7 seconds is too
+ * long
+ */
+ timer = ossl_time_subtract(ossl_time_now(), timer);
+ if (ossl_time_compare(timer, ossl_seconds2time(7)) >= 0)
+ res = TEST_skip("Test took too long, ignoring result");
+
+ return res;
+}
+
static int test_early_data_read_write(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
static int test_early_data_read_write(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
unsigned char buf[20], data[1024];
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
unsigned char buf[20], data[1024];
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
/* Artificially give the next 2 tickets some age for non PSK sessions */
if (idx != 2)
/* Artificially give the next 2 tickets some age for non PSK sessions */
if (idx != 2)
artificial_ticket_time = 0;
/* Write and read some early data */
artificial_ticket_time = 0;
/* Write and read some early data */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
+ &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
SSL_SESSION *sess = NULL;
size_t readbytes, written;
unsigned char buf[20];
SSL_SESSION *sess = NULL;
size_t readbytes, written;
unsigned char buf[20];
goto end;
/* Write and read some early data */
goto end;
/* Write and read some early data */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
/* In this case the callback decides to accept the early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
/* In this case the callback decides to accept the early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+ if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
/*
* Server will have sent its flight so client can now send
* end of early data and complete its half of the handshake
/*
* Server will have sent its flight so client can now send
* end of early data and complete its half of the handshake
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
goto end;
} else {
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
goto end;
} else {
+ OSSL_TIME timer = ossl_time_now();
+
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
- &readbytes), readearlyres)
- || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
+ &readbytes), readearlyres)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS
&& !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
|| !TEST_int_eq(SSL_connect(clientssl), connectres))
&& !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
|| !TEST_int_eq(SSL_connect(clientssl), connectres))
unsigned char buf[20];
size_t readbytes, written;
const SSL_CIPHER *cipher;
unsigned char buf[20];
size_t readbytes, written;
const SSL_CIPHER *cipher;
const char *cipher_str[] = {
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_256_GCM_SHA384,
const char *cipher_str[] = {
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_256_GCM_SHA384,
goto end;
SSL_set_connect_state(clientssl);
goto end;
SSL_set_connect_state(clientssl);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_int_eq(SSL_connect(clientssl), 1)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_int_eq(SSL_connect(clientssl), 1)
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
sslapi_info_callback);
/* Write and read some early data and then complete the connection */
sslapi_info_callback);
/* Write and read some early data and then complete the connection */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf,
+ sizeof(buf), &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,