authorPeter Wu <peter@lekensteyn.nl>2017-11-15 07:48:54 +0000
committerPeter Wu <peter@lekensteyn.nl>2017-11-15 07:48:54 +0000
commitc840be8f11af33c19184e39508df93da81e09efd (patch)
treef46cee31e52dbbbe9e283dd1cf9bfdb2f63e71b7
parentf852983e8308bcb29139ef94a6ebd7efb3bd751f (diff)
Bug 1417331 - fix key log unit tests, r=mt
The key log unit tests were never activated because the SSLKEYLOGFILE environment variable was not properly set (putenv claims the pointer and requires it to be valid after invocation) after changing to PR_SetEnv. The test failures did not show up because gtest somehow swallows errors for the child process. Set "throw_on_failure" in the child to fix this. And finally fix the invalid tests (client random size 1? nope) and ensure 0-RTT is triggered such that CLIENT_EARLY_TRAFFIC_SECRET can be tested.
-rw-r--r--gtests/ssl_gtest/ssl_keylog_unittest.cc53
1 files changed, 37 insertions, 16 deletions
diff --git a/gtests/ssl_gtest/ssl_keylog_unittest.cc b/gtests/ssl_gtest/ssl_keylog_unittest.cc
index c390e16d7..9463cd02c 100644
--- a/gtests/ssl_gtest/ssl_keylog_unittest.cc
+++ b/gtests/ssl_gtest/ssl_keylog_unittest.cc
@@ -14,6 +14,7 @@
namespace nss_test {
static const std::string keylog_file_path = "keylog.txt";
+static const std::string keylog_env = "SSLKEYLOGFILE=" + keylog_file_path;
class KeyLogFileTest : public TlsConnectGeneric {
public:
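Review bot: The new file-scope `keylog_env` carries no comment saying why it must be a static rather than a temporary, and that lifetime requirement is the whole reason for the change. The commit message explains that the environment call keeps the pointer it is given, but a later cleanup that only reads the code could easily fold the string back into a local. I would put `// PR_SetEnv keeps this pointer (putenv semantics); the string must outlive the call.` directly above the declaration. Initialization order looks fine, since `keylog_file_path` is defined earlier in the same translation unit.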
@@ -21,15 +22,13 @@ class KeyLogFileTest : public TlsConnectGeneric {
TlsConnectTestBase::SetUp();
// Remove previous results (if any).
(void)remove(keylog_file_path.c_str());
- std::ostringstream sstr;
- sstr << "SSLKEYLOGFILE=" << keylog_file_path;
- PR_SetEnv(sstr.str().c_str());
+ PR_SetEnv(keylog_env.c_str());
}
void CheckKeyLog() {
std::ifstream f(keylog_file_path);
std::map<std::string, size_t> labels;
- std::string last_client_random;
+ std::set<std::string> client_randoms;
for (std::string line; std::getline(f, line);) {
if (line[0] == '#') {
continue;
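Review bot: The result of `PR_SetEnv(keylog_env.c_str())` in SetUp() is discarded, so a failure to set the variable would only show up indirectly, as missing key log entries later on. Given that the commit message describes these tests as having been silently inactive because the variable was not set, I would assert at the call site: `ASSERT_EQ(PR_SUCCESS, PR_SetEnv(keylog_env.c_str()));`. SetUp() begins above this hunk and CheckKeyLog() continues below it, so neither is visible in full here.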
@@ -39,27 +38,49 @@ class KeyLogFileTest : public TlsConnectGeneric {
std::string label, client_random, secret;
iss >> label >> client_random >> secret;
- ASSERT_EQ(1U, client_random.size());
- ASSERT_TRUE(last_client_random.empty() ||
- last_client_random == client_random);
- last_client_random = client_random;
+ ASSERT_EQ(64U, client_random.size());
+ client_randoms.insert(client_random);
labels[label]++;
}
if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
- ASSERT_EQ(1U, labels["CLIENT_RANDOM"]);
+ ASSERT_EQ(1U, client_randoms.size());
} else {
- ASSERT_EQ(1U, labels["CLIENT_EARLY_TRAFFIC_SECRET"]);
- ASSERT_EQ(1U, labels["CLIENT_HANDSHAKE_TRAFFIC_SECRET"]);
- ASSERT_EQ(1U, labels["SERVER_HANDSHAKE_TRAFFIC_SECRET"]);
- ASSERT_EQ(1U, labels["CLIENT_TRAFFIC_SECRET_0"]);
- ASSERT_EQ(1U, labels["SERVER_TRAFFIC_SECRET_0"]);
- ASSERT_EQ(1U, labels["EXPORTER_SECRET"]);
+ /* two handshakes for 0-RTT */
+ ASSERT_EQ(2U, client_randoms.size());
+ }
+
+ // Every entry occurs twice (one log from server, one from client).
+ if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
+ ASSERT_EQ(2U, labels["CLIENT_RANDOM"]);
+ } else {
+ ASSERT_EQ(2U, labels["CLIENT_EARLY_TRAFFIC_SECRET"]);
+ ASSERT_EQ(4U, labels["CLIENT_HANDSHAKE_TRAFFIC_SECRET"]);
+ ASSERT_EQ(4U, labels["SERVER_HANDSHAKE_TRAFFIC_SECRET"]);
+ ASSERT_EQ(4U, labels["CLIENT_TRAFFIC_SECRET_0"]);
+ ASSERT_EQ(4U, labels["SERVER_TRAFFIC_SECRET_0"]);
+ ASSERT_EQ(4U, labels["EXPORTER_SECRET"]);
}
}
void ConnectAndCheck() {
- Connect();
+ // This is a child process, ensure that error messages immediately
+ // propagate or else it will not be visible.
+ ::testing::GTEST_FLAG(throw_on_failure) = true;
+
+ if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ ZeroRttSendReceive(true, true);
+ Handshake();
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+ SendReceive();
+ } else {
+ Connect();
+ }
CheckKeyLog();
_exit(0);
}
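Review bot: In CheckKeyLog the parsed `secret` is never examined and `client_random` is checked for length only, so a line with a label and 64 arbitrary characters but a missing or truncated secret still passes. Adding `ASSERT_FALSE(secret.empty());` next to the size check would catch truncated lines, and a hex-digit check on both fields would be stricter still. Separately, ConnectAndCheck picks the 0-RTT path with `version_ == SSL_LIBRARY_VERSION_TLS_1_3` while CheckKeyLog derives its expected counts from `version_ < SSL_LIBRARY_VERSION_TLS_1_3`; writing the former as `version_ >= SSL_LIBRARY_VERSION_TLS_1_3` keeps the two in step if the test is ever parameterised with a later version. The parsing loop in CheckKeyLog starts above this hunk.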