1 files changed, 46 insertions, 15 deletions

diff --git a/gtests/ssl_gtest/ssl_0rtt_unittest.cc b/gtests/ssl_gtest/ssl_0rtt_unittest.cc
index 979351518..c9036291c 100644
--- a/gtests/ssl_gtest/ssl_0rtt_unittest.cc
+++ b/gtests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -74,10 +74,11 @@ TEST_P(TlsConnectTls13, ZeroRttApplicationReject) {
 }
 
 TEST_P(TlsConnectTls13, ZeroRttApparentReplayAfterRestart) {
-  // The test fixtures call SSL_InitAntiReplay() in SetUp().  This results in
-  // 0-RTT being rejected until at least one window passes.  SetupFor0Rtt()
-  // forces a rollover of the anti-replay filters, which clears this state.
-  // Here, we do the setup manually here without that forced rollover.
+  // The test fixtures enable anti-replay in SetUp().  This results in 0-RTT
+  // being rejected until at least one window passes.  SetupFor0Rtt() forces a
+  // rollover of the anti-replay filters, which clears that state and allows
+  // 0-RTT to work.  Make the first connection manually to avoid that rollover
+  // and cause 0-RTT to be rejected.
 
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
@@ -217,7 +218,7 @@ TEST_P(TlsConnectTls13, ZeroRttServerOnly) {
 // delay exceeds half the anti-replay window.
 TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) {
   static const PRTime kWindow = 10 * PR_USEC_PER_SEC;
-  EXPECT_EQ(SECSuccess, SSL_InitAntiReplay(now(), kWindow, 1, 3));
+  ResetAntiReplay(kWindow);
   SetupForZeroRtt();
 
   Reset();
@@ -242,7 +243,7 @@ TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) {
 // arrive prematurely, causing the server to reject early data.
 TEST_P(TlsConnectTls13, ZeroRttRejectPrematureTicket) {
   static const PRTime kWindow = 10 * PR_USEC_PER_SEC;
-  EXPECT_EQ(SECSuccess, SSL_InitAntiReplay(now(), kWindow, 1, 3));
+  ResetAntiReplay(kWindow);
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   server_->Set0RttEnabled(true);
@@ -904,20 +905,21 @@ TEST_F(TlsConnectDatagram13, ZeroRttShortReadDtls) {
 // that a small sleep results in rejection of early data. 0-RTT has a
 // configurable timer, which makes it ideal for this.
 TEST_F(TlsConnectStreamTls13, TimePassesByDefault) {
-  // Set a tiny anti-replay window.  This has to be at least 2 milliseconds to
-  // have any chance of being relevant as that is the smallest window that we
-  // can detect.  Anything smaller rounds to zero.
-  static const unsigned int kTinyWindowMs = 5;
-  EXPECT_EQ(SECSuccess, SSL_InitAntiReplay(
-                            PR_Now(), kTinyWindowMs * PR_USEC_PER_MSEC, 1, 5));
-
   // Calling EnsureTlsSetup() replaces the time function on client and server,
-  // which we don't want, so initialize each directly.
+  // and sets up anti-replay, which we don't want, so initialize each directly.
   client_->EnsureTlsSetup();
   server_->EnsureTlsSetup();
-  client_->StartConnect();  // Also avoid StartConnect().
+  // StartConnect() calls EnsureTlsSetup(), so avoid that too.
+  client_->StartConnect();
   server_->StartConnect();
 
+  // Set a tiny anti-replay window.  This has to be at least 2 milliseconds to
+  // have any chance of being relevant as that is the smallest window that we
+  // can detect.  Anything smaller rounds to zero.
+  static const unsigned int kTinyWindowMs = 5;
+  ResetAntiReplay(static_cast<PRTime>(kTinyWindowMs * PR_USEC_PER_MSEC));
+  server_->SetAntiReplayContext(anti_replay_);
+
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   server_->Set0RttEnabled(true);
@@ -951,6 +953,35 @@ TEST_F(TlsConnectStreamTls13, TimePassesByDefault) {
   CheckConnected();
 }
 
+// Test that SSL_CreateAntiReplayContext doesn't pass bad inputs.
+TEST_F(TlsConnectStreamTls13, BadAntiReplayArgs) {
+  SSLAntiReplayContext* p;
+  // Zero or negative window.
+  EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, -1, 1, 1, &p));
+  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+  EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 0, 1, 1, &p));
+  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+  // Zero k.
+  EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 0, 1, &p));
+  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+  // Zero bits.
+  EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 1, 0, &p));
+  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+  EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 1, 1, nullptr));
+  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+  // Prove that these parameters do work, even if they are useless..
+  EXPECT_EQ(SECSuccess, SSL_CreateAntiReplayContext(0, 1, 1, 1, &p));
+  ASSERT_NE(nullptr, p);
+  ScopedSSLAntiReplayContext ctx(p);
+
+  // The socket isn't a client or server until later, so configuring a client
+  // should work OK.
+  client_->EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(client_->ssl_fd(), ctx.get()));
+  EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(client_->ssl_fd(), nullptr));
+}
+
 #ifndef NSS_DISABLE_TLS_1_3
 INSTANTIATE_TEST_CASE_P(Tls13ZeroRttReplayTest, TlsZeroRttReplayTest,
                         TlsConnectTestBase::kTlsVariantsAll);