Diffstat (limited to 'tests/tls13-early-data.c')
-rw-r--r-- | tests/tls13-early-data.c | 370 |
1 files changed, 196 insertions, 174 deletions
diff --git a/tests/tls13-early-data.c b/tests/tls13-early-data.c index 381ecbdb97..b89fe75367 100644 --- a/tests/tls13-early-data.c +++ b/tests/tls13-early-data.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -#include <config.h> +# include <config.h> #endif #include <stdbool.h> @@ -36,31 +36,31 @@ int main(void) #else -#include <string.h> -#include <sys/types.h> -#include <netinet/in.h> -#include <sys/socket.h> -#include <sys/wait.h> -#include <arpa/inet.h> -#include <unistd.h> -#include <gnutls/gnutls.h> -#include <gnutls/crypto.h> -#include <gnutls/dtls.h> -#include <signal.h> -#include <assert.h> - -#include "cert-common.h" -#include "utils.h" -#include "virt-time.h" -#define MIN(x,y) (((x)<(y))?(x):(y)) - -#define TRACE_CLIENT 1 -#define TRACE_SERVER 2 +# include <string.h> +# include <sys/types.h> +# include <netinet/in.h> +# include <sys/socket.h> +# include <sys/wait.h> +# include <arpa/inet.h> +# include <unistd.h> +# include <gnutls/gnutls.h> +# include <gnutls/crypto.h> +# include <gnutls/dtls.h> +# include <signal.h> +# include <assert.h> + +# include "cert-common.h" +# include "utils.h" +# include "virt-time.h" +# define MIN(x,y) (((x)<(y))?(x):(y)) + +# define TRACE_CLIENT 1 +# define TRACE_SERVER 2 /* To reproduce the entries in {client,server}-secrets.h, set this to * either TRACE_CLIENT or TRACE_SERVER. */ -#define TRACE 0 +# define TRACE 0 /* This program tests the robustness of record sending with padding. */ @@ -75,13 +75,12 @@ static void client_log_func(int level, const char *str) fprintf(stderr, "client|<%d>| %s", level, str); } - /* A very basic TLS client. */ -#define MAX_BUF 1024 -#define MSG "Hello TLS" -#define EARLY_MSG "Hello TLS, it's early" +# define MAX_BUF 1024 +# define MSG "Hello TLS" +# define EARLY_MSG "Hello TLS, it's early" extern unsigned int _gnutls_global_version; 
@@ -91,19 +90,26 @@ extern unsigned int _gnutls_global_version; * is to check that the early data is encrypted with the ciphersuite * selected during the initial handshake, not the resuming handshakes. */ -#define SESSIONS 3 -#define TLS13_AES_128_GCM "NONE:+VERS-TLS1.3:+AES-128-GCM:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1" -#define TLS13_CHACHA20_POLY1305 "NONE:+VERS-TLS1.3:+CHACHA20-POLY1305:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1" +# define SESSIONS 3 +# define TLS13_AES_128_GCM "NONE:+VERS-TLS1.3:+AES-128-GCM:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1" +# define TLS13_CHACHA20_POLY1305 "NONE:+VERS-TLS1.3:+CHACHA20-POLY1305:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1" static const -gnutls_datum_t hrnd = {(void*)"\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; +gnutls_datum_t hrnd = { (void *) + "\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 32 +}; + static const -gnutls_datum_t hsrnd = {(void*)"\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; +gnutls_datum_t hsrnd = { (void *) + "\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 32 +}; static int gnutls_rnd_works; -int __attribute__ ((visibility ("protected"))) -gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) +int __attribute__((visibility("protected"))) + gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) { gnutls_rnd_works = 1; @@ -116,8 +122,8 @@ gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) return 0; } -#define MAX_SECRET_SIZE 64 -#define MAX_SECRET_COUNT 10 +# define MAX_SECRET_SIZE 64 +# define MAX_SECRET_COUNT 10 struct secret { gnutls_record_encryption_level_t level; 
@@ -128,62 +134,62 @@ struct secret { uint8_t secret_write_buf[MAX_SECRET_SIZE]; }; -#include "client-secrets.h" -#include "server-secrets.h" +# include "client-secrets.h" +# include "server-secrets.h" struct secrets_expected { const struct secret *secrets; size_t count; }; -#define SIZEOF(array) (sizeof(array) / sizeof(array[0])) +# define SIZEOF(array) (sizeof(array) / sizeof(array[0])) static const struct secrets_expected client_normal[SESSIONS] = { - { client_normal_0, SIZEOF(client_normal_0) }, - { client_normal_1, SIZEOF(client_normal_1) }, - { client_normal_2, SIZEOF(client_normal_2) }, + {client_normal_0, SIZEOF(client_normal_0)}, + {client_normal_1, SIZEOF(client_normal_1)}, + {client_normal_2, SIZEOF(client_normal_2)}, }; static const struct secrets_expected client_small[SESSIONS] = { - { client_small_0, SIZEOF(client_small_0) }, - { client_small_1, SIZEOF(client_small_1) }, - { client_small_2, SIZEOF(client_small_2) }, + {client_small_0, SIZEOF(client_small_0)}, + {client_small_1, SIZEOF(client_small_1)}, + {client_small_2, SIZEOF(client_small_2)}, }; static const struct secrets_expected client_empty[SESSIONS] = { - { client_empty_0, SIZEOF(client_empty_0) }, - { client_empty_1, SIZEOF(client_empty_1) }, - { client_empty_2, SIZEOF(client_empty_2) }, + {client_empty_0, SIZEOF(client_empty_0)}, + {client_empty_1, SIZEOF(client_empty_1)}, + {client_empty_2, SIZEOF(client_empty_2)}, }; static const struct secrets_expected client_explicit[SESSIONS] = { - { client_explicit_0, SIZEOF(client_explicit_0) }, - { client_explicit_1, SIZEOF(client_explicit_1) }, - { client_explicit_2, SIZEOF(client_explicit_2) }, + {client_explicit_0, SIZEOF(client_explicit_0)}, + {client_explicit_1, SIZEOF(client_explicit_1)}, + {client_explicit_2, SIZEOF(client_explicit_2)}, }; static const struct secrets_expected server_normal[SESSIONS] = { - { server_normal_0, SIZEOF(server_normal_0) }, - { server_normal_1, SIZEOF(server_normal_1) }, - { server_normal_2, SIZEOF(server_normal_2) 
}, + {server_normal_0, SIZEOF(server_normal_0)}, + {server_normal_1, SIZEOF(server_normal_1)}, + {server_normal_2, SIZEOF(server_normal_2)}, }; static const struct secrets_expected server_small[SESSIONS] = { - { server_small_0, SIZEOF(server_small_0) }, - { server_small_1, SIZEOF(server_small_1) }, - { server_small_2, SIZEOF(server_small_2) }, + {server_small_0, SIZEOF(server_small_0)}, + {server_small_1, SIZEOF(server_small_1)}, + {server_small_2, SIZEOF(server_small_2)}, }; static const struct secrets_expected server_empty[SESSIONS] = { - { server_empty_0, SIZEOF(server_empty_0) }, - { server_empty_1, SIZEOF(server_empty_1) }, - { server_empty_2, SIZEOF(server_empty_2) }, + {server_empty_0, SIZEOF(server_empty_0)}, + {server_empty_1, SIZEOF(server_empty_1)}, + {server_empty_2, SIZEOF(server_empty_2)}, }; static const struct secrets_expected server_explicit[SESSIONS] = { - { server_explicit_0, SIZEOF(server_explicit_0) }, - { server_explicit_1, SIZEOF(server_explicit_1) }, - { server_explicit_2, SIZEOF(server_explicit_2) }, + {server_explicit_0, SIZEOF(server_explicit_0)}, + {server_explicit_1, SIZEOF(server_explicit_1)}, + {server_explicit_2, SIZEOF(server_explicit_2)}, }; struct fixture { 
@@ -199,50 +205,49 @@ struct fixture { static const struct fixture fixtures[] = { { - .name = "normal", - .cflags = 0, - .sflags = 0, - .early_data = { (uint8_t *)EARLY_MSG, sizeof(EARLY_MSG) }, - .max_early_data_size = MAX_BUF, - .expect_early_data = true, - .client_secrets = client_normal, - .server_secrets = server_normal, - }, + .name = "normal", + .cflags = 0, + .sflags = 0, + .early_data = {(uint8_t *) EARLY_MSG, sizeof(EARLY_MSG)}, + .max_early_data_size = MAX_BUF, + .expect_early_data = true, + .client_secrets = client_normal, + .server_secrets = server_normal, + }, { - .name = "small", - .cflags = 0, - .sflags = 0, - .early_data = { (uint8_t *)EARLY_MSG, sizeof(EARLY_MSG) }, - .max_early_data_size = 10, - .expect_early_data = true, - .client_secrets = client_small, - .server_secrets = server_small, - }, + .name = "small", + .cflags = 0, + .sflags = 0, + .early_data = {(uint8_t *) EARLY_MSG, sizeof(EARLY_MSG)}, + .max_early_data_size = 10, + .expect_early_data = true, + .client_secrets = client_small, + .server_secrets = server_small, + }, { - .name = "empty", - .cflags = 0, - .sflags = 0, - .early_data = { NULL, 0 }, - .max_early_data_size = MAX_BUF, - .expect_early_data = false, - .client_secrets = client_empty, - .server_secrets = server_empty, - }, + .name = "empty", + .cflags = 0, + .sflags = 0, + .early_data = {NULL, 0}, + .max_early_data_size = MAX_BUF, + .expect_early_data = false, + .client_secrets = client_empty, + .server_secrets = server_empty, + }, { - .name = "explicit", - .cflags = GNUTLS_ENABLE_EARLY_DATA, - .sflags = 0, - .early_data = { NULL, 0 }, - .max_early_data_size = MAX_BUF, - .expect_early_data = false, - .client_secrets = client_explicit, - .server_secrets = server_explicit, - }, + .name = "explicit", + .cflags = GNUTLS_ENABLE_EARLY_DATA, + .sflags = 0, + .early_data = {NULL, 0}, + .max_early_data_size = MAX_BUF, + .expect_early_data = false, + .client_secrets = client_explicit, + .server_secrets = server_explicit, + }, }; -#if 
TRACE -static void -print_secret(FILE *out, struct secret *secret) +# if TRACE +static void print_secret(FILE * out, struct secret *secret) { const char *level; @@ -287,7 +292,7 @@ print_secret(FILE *out, struct secret *secret) } static void -print_secrets(FILE *out, const char *side, const char *name, int t, +print_secrets(FILE * out, const char *side, const char *name, int t, struct secret *secrets, size_t count) { size_t i; @@ -301,7 +306,7 @@ print_secrets(FILE *out, const char *side, const char *name, int t, } fputs("};\n\n", out); } -#endif +# endif static void check_secrets(const struct secret *secrets, size_t count, @@ -321,12 +326,14 @@ check_secrets(const struct secret *secrets, size_t count, } if (secrets[i].secret_size != expected->secrets[i].secret_size) { fail("unexpected secret size: %zu != %zu\n", - secrets[i].secret_size, expected->secrets[i].secret_size); + secrets[i].secret_size, + expected->secrets[i].secret_size); } if ((secrets[i].secret_read == NULL) != (expected->secrets[i].secret_read == NULL)) { fail("unexpected secret for read: %p != %p\n", - secrets[i].secret_read, expected->secrets[i].secret_read); + secrets[i].secret_read, + expected->secrets[i].secret_read); } if (expected->secrets[i].secret_read && memcmp(secrets[i].secret_read, @@ -337,7 +344,8 @@ check_secrets(const struct secret *secrets, size_t count, if ((secrets[i].secret_write == NULL) != (expected->secrets[i].secret_write == NULL)) { fail("unexpected secret for write: %p != %p\n", - secrets[i].secret_write, expected->secrets[i].secret_write); + secrets[i].secret_write, + expected->secrets[i].secret_write); } if (expected->secrets[i].secret_write && memcmp(secrets[i].secret_write, 
@@ -358,8 +366,7 @@ static int secret_callback(gnutls_session_t session, gnutls_record_encryption_level_t level, const void *secret_read, - const void *secret_write, - size_t secret_size) + const void *secret_write, size_t secret_size) { struct callback_data *data = gnutls_session_get_ptr(session); struct secret *secret = &data->secrets[data->secret_callback_called]; @@ -375,16 +382,12 @@ secret_callback(gnutls_session_t session, cipher_algo = gnutls_early_cipher_get(session); if (cipher_algo != GNUTLS_CIPHER_AES_128_GCM) { - fail("unexpected cipher used for early data: %s != %s\n", - gnutls_cipher_get_name(cipher_algo), - gnutls_cipher_get_name(GNUTLS_CIPHER_AES_128_GCM)); + fail("unexpected cipher used for early data: %s != %s\n", gnutls_cipher_get_name(cipher_algo), gnutls_cipher_get_name(GNUTLS_CIPHER_AES_128_GCM)); } digest_algo = gnutls_early_prf_hash_get(session); if (digest_algo != GNUTLS_DIG_SHA256) { - fail("unexpected PRF hash used for early data: %s != %s\n", - gnutls_digest_get_name(digest_algo), - gnutls_digest_get_name(GNUTLS_DIG_SHA256)); + fail("unexpected PRF hash used for early data: %s != %s\n", gnutls_digest_get_name(digest_algo), gnutls_digest_get_name(GNUTLS_DIG_SHA256)); } } } @@ -412,15 +415,14 @@ secret_callback(gnutls_session_t session, return 0; } -static void -client(int sds[], const struct fixture *fixture) +static void client(int sds[], const struct fixture *fixture) { int ret; char buffer[MAX_BUF + 1]; gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; int t; - gnutls_datum_t session_data = {NULL, 0}; + gnutls_datum_t session_data = { NULL, 0 }; global_init(); 
@@ -438,10 +440,15 @@ client(int sds[], const struct fixture *fixture) int sd = sds[t]; struct callback_data callback_data; - assert(gnutls_init(&session, GNUTLS_CLIENT|fixture->cflags)>=0); - assert(gnutls_priority_set_direct(session, t == 0 ? TLS13_AES_128_GCM : TLS13_CHACHA20_POLY1305, NULL)>=0); + assert(gnutls_init(&session, GNUTLS_CLIENT | fixture->cflags) >= + 0); + assert(gnutls_priority_set_direct + (session, + t == 0 ? TLS13_AES_128_GCM : TLS13_CHACHA20_POLY1305, + NULL) >= 0); - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); gnutls_transport_set_int(session, sd); assert(gnutls_handshake_set_random(session, &hrnd) >= 0); @@ -452,17 +459,20 @@ client(int sds[], const struct fixture *fixture) gnutls_handshake_set_secret_function(session, secret_callback); if (t > 0) { - assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + assert(gnutls_session_set_data + (session, session_data.data, + session_data.size) >= 0); /* The server should have advertised the same maximum. */ if (gnutls_record_get_max_early_data_size(session) != fixture->max_early_data_size) - fail("client: max_early_data_size mismatch %d != %d\n", - (int) gnutls_record_get_max_early_data_size(session), - (int) fixture->max_early_data_size); + fail("client: max_early_data_size mismatch %d != %d\n", (int)gnutls_record_get_max_early_data_size(session), (int)fixture->max_early_data_size); assert(gnutls_record_send_early_data(session, - fixture->early_data.data, - MIN(fixture->early_data.size, - fixture->max_early_data_size)) >= 0); + fixture->early_data. + data, + MIN + (fixture->early_data.size, + fixture->max_early_data_size)) + >= 0); } /* Perform the TLS handshake 
@@ -482,13 +492,14 @@ client(int sds[], const struct fixture *fixture) } if (!gnutls_rnd_works) { - success("client: gnutls_rnd() could not be overridden\n"); + success + ("client: gnutls_rnd() could not be overridden\n"); } else { -#if TRACE == TRACE_CLIENT +# if TRACE == TRACE_CLIENT print_secrets(stderr, "client", fixture->name, t, callback_data.secrets, callback_data.secret_callback_called); -#endif +# endif check_secrets(callback_data.secrets, callback_data.secret_callback_called, &fixture->client_secrets[t]); @@ -503,28 +514,28 @@ client(int sds[], const struct fixture *fixture) if (t == 0) { /* get the session data size */ - ret = - gnutls_session_get_data2(session, - &session_data); + ret = gnutls_session_get_data2(session, &session_data); if (ret < 0) fail("client: Getting resume data failed\n"); } if (t > 0) { if (!gnutls_session_is_resumed(session)) { - fail("client: session_is_resumed error (%d)\n", t); + fail("client: session_is_resumed error (%d)\n", + t); } } gnutls_record_send(session, MSG, strlen(MSG)); do { - ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + ret = + gnutls_record_recv(session, buffer, sizeof(buffer)); } while (ret == GNUTLS_E_AGAIN); if (ret == 0) { if (debug) success - ("client: Peer has closed the TLS connection\n"); + ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) { fail("client: Error: %s\n", gnutls_strerror(ret)); @@ -544,10 +555,9 @@ client(int sds[], const struct fixture *fixture) gnutls_global_deinit(); } - static pid_t child; -#define MAX_CLIENT_HELLO_RECORDED 10 +# define MAX_CLIENT_HELLO_RECORDED 10 struct storage_st { gnutls_datum_t entries[MAX_CLIENT_HELLO_RECORDED]; @@ -555,7 +565,8 @@ struct storage_st { }; static int -storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_datum_t *value) +storage_add(void *ptr, time_t expires, const gnutls_datum_t * key, + const gnutls_datum_t * value) { struct storage_st *storage = ptr; gnutls_datum_t *datum; 
@@ -563,7 +574,8 @@ storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_d for (i = 0; i < storage->num_entries; i++) { if (key->size == storage->entries[i].size && - memcmp(storage->entries[i].data, key->data, key->size) == 0) { + memcmp(storage->entries[i].data, key->data, + key->size) == 0) { return GNUTLS_E_DB_ENTRY_EXISTS; } } @@ -586,8 +598,7 @@ storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_d return 0; } -static void -storage_clear(struct storage_st *storage) +static void storage_clear(struct storage_st *storage) { size_t i; @@ -596,8 +607,7 @@ storage_clear(struct storage_st *storage) storage->num_entries = 0; } -static void -server(int sds[], const struct fixture *fixture) +static void server(int sds[], const struct fixture *fixture) { int ret; char buffer[MAX_BUF + 1]; @@ -625,8 +635,7 @@ server(int sds[], const struct fixture *fixture) gnutls_certificate_allocate_credentials(&x509_cred); gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, - &server_key, - GNUTLS_X509_FMT_PEM); + &server_key, GNUTLS_X509_FMT_PEM); gnutls_session_ticket_key_generate(&session_ticket_key); @@ -641,11 +650,17 @@ server(int sds[], const struct fixture *fixture) int sd = sds[t]; struct callback_data callback_data; - assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_ENABLE_EARLY_DATA)>=0); + assert(gnutls_init + (&session, + GNUTLS_SERVER | GNUTLS_ENABLE_EARLY_DATA) >= 0); - assert(gnutls_priority_set_direct(session, t == 0 ? TLS13_AES_128_GCM : TLS13_CHACHA20_POLY1305, NULL)>=0); + assert(gnutls_priority_set_direct + (session, + t == 0 ? TLS13_AES_128_GCM : TLS13_CHACHA20_POLY1305, + NULL) >= 0); - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); gnutls_session_ticket_enable_server(session, &session_ticket_key); 
@@ -656,7 +671,8 @@ server(int sds[], const struct fixture *fixture) * until max_early_data_size without decryption */ if (t < 2) - (void) gnutls_record_set_max_early_data_size(session, fixture->max_early_data_size); + (void)gnutls_record_set_max_early_data_size(session, + fixture->max_early_data_size); assert(gnutls_handshake_set_random(session, &hsrnd) >= 0); gnutls_transport_set_int(session, sd); @@ -681,12 +697,14 @@ server(int sds[], const struct fixture *fixture) if (t > 0) { if (!gnutls_session_is_resumed(session)) { - fail("server: session_is_resumed error (%d)\n", t); + fail("server: session_is_resumed error (%d)\n", + t); } } if (!gnutls_rnd_works) { - success("server: gnutls_rnd() could not be overridden\n"); + success + ("server: gnutls_rnd() could not be overridden\n"); goto skip_early_data; } @@ -696,12 +714,11 @@ server(int sds[], const struct fixture *fixture) fail("negotiated unexpected cipher: %s\n", gnutls_cipher_get_name(ret)); } - -#if TRACE == TRACE_SERVER +# if TRACE == TRACE_SERVER print_secrets(stderr, "server", fixture->name, t, callback_data.secrets, callback_data.secret_callback_called); -#endif +# endif check_secrets(callback_data.secrets, callback_data.secret_callback_called, &fixture->server_secrets[t]); 
@@ -710,42 +727,47 @@ server(int sds[], const struct fixture *fixture) * early data only on the first resumption */ if (t == 1) { if (fixture->expect_early_data && - !(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA)) { - fail("server: early data is not received (%d)\n", - t); + !(gnutls_session_get_flags(session) & + GNUTLS_SFLAGS_EARLY_DATA)) { + fail("server: early data is not received (%d)\n", t); } - ret = gnutls_record_recv_early_data(session, buffer, sizeof(buffer)); + ret = + gnutls_record_recv_early_data(session, buffer, + sizeof(buffer)); if (ret < 0) { if (fixture->early_data.size == 0 || fixture->max_early_data_size == 0) { - if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - fail("server: unexpected error code when retrieving empty early data: %s\n", - gnutls_strerror(ret)); + if (ret != + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { + fail("server: unexpected error code when retrieving empty early data: %s\n", gnutls_strerror(ret)); } } else { - fail("server: failed to retrieve early data: %s\n", - gnutls_strerror(ret)); + fail("server: failed to retrieve early data: %s\n", gnutls_strerror(ret)); } } else { if (fixture->early_data.size == 0 || fixture->max_early_data_size == 0) { - fail("server: unexpected early data received: %d\n", - ret); - } else if ((size_t) ret != MIN(fixture->early_data.size, - fixture->max_early_data_size) || - memcmp(buffer, fixture->early_data.data, ret)) { + fail("server: unexpected early data received: %d\n", ret); + } else if ((size_t)ret != + MIN(fixture->early_data.size, + fixture->max_early_data_size) + || memcmp(buffer, + fixture->early_data.data, + ret)) { fail("server: early data mismatch\n"); } } } else if (t == 2) { if (fixture->expect_early_data && - gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA) { + gnutls_session_get_flags(session) & + GNUTLS_SFLAGS_EARLY_DATA) { fail("server: early data is not rejected (%d)\n", t); } } - skip_early_data: + skip_early_data: /* see the Getting peer's 
information example */ /* print_info(session); */ @@ -760,7 +782,8 @@ server(int sds[], const struct fixture *fixture) break; } else if (ret < 0) { kill(child, SIGTERM); - fail("server: Error: %s\n", gnutls_strerror(ret)); + fail("server: Error: %s\n", + gnutls_strerror(ret)); } else if (ret > 0) { /* echo data back to the client */ @@ -791,8 +814,7 @@ server(int sds[], const struct fixture *fixture) success("server: finished\n"); } -static void -start(const struct fixture *fixture) +static void start(const struct fixture *fixture) { int client_sds[SESSIONS], server_sds[SESSIONS]; int i; |