authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-17 09:52:01 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-18 11:21:25 +0200
commitdfc40f1250228278ec4c0d1d5bc29d396605b535 (patch)
treecad0e564b47e9ef72d02ad3b15295a1855a76395
parent21c56085c53e0aedd6379764167c2651f3045c04 (diff)
downloadgnutls-dfc40f1250228278ec4c0d1d5bc29d396605b535.tar.gz
tests: added reproducers for receiving app data when rehandshake is expected
Relates: #426 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/Makefile.am5
-rw-r--r--tests/eagain.c29
-rw-r--r--tests/tls12-rehandshake-cert.c138
3 files changed, 132 insertions, 40 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 60cebadaec..88f56455c8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -132,7 +132,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
tls12-cipher-neg tls11-cipher-neg tls10-cipher-neg ssl30-cipher-neg \
crq_apis init_roundtrip pkcs12_s2k_pem dn2 tls12-rehandshake-cert-3 \
nul-in-x509-names x509_altname pkcs12_encode mini-x509 \
- tls12-rehandshake-cert rng-fork mini-eagain-dtls resume-dtls \
+ rng-fork mini-eagain-dtls resume-dtls \
tls13-rehandshake-cert gnutls_ext_raw_parse \
x509cert x509cert-tl infoaccess mini-dtls-hello-verify sign-verify-ed25519-rfc8080 \
trustdb-tofu dtls-rehandshake-anon mini-alpn mini-dtls-large \
@@ -201,7 +201,7 @@ endif
if HAVE_CMOCKA
CMOCKA_LDADD = $(COMMON_LDADD) $(CMOCKA_LIBS)
ctests += dtls-sliding-window ip-utils name-constraints-ip conv-utf8 str-unicode str-idna \
- tls10-prf tls12-prf gnutls_record_overhead eagain
+ tls10-prf tls12-prf gnutls_record_overhead eagain tls12-rehandshake-cert
gnutls_record_overhead_LDADD = $(CMOCKA_LDADD)
dtls_sliding_window_LDADD = $(CMOCKA_LDADD)
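Review bot: Moving `tls12-rehandshake-cert` out of the unconditional `ctests` list and into the `if HAVE_CMOCKA` block means the plain server-initiated rehandshake case, which previously had no cmocka dependency, is no longer built or run on hosts without cmocka. `tls12-rehandshake-cert-3` stays in the unconditional list, so some rehandshake coverage presumably remains, but that cannot be confirmed from this hunk. If the loss is intended, a short comment above the conditional list, such as `# tls12-rehandshake-cert needs cmocka since the appdata reproducer was added`, would make the dependency visible to packagers.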
@@ -213,6 +213,7 @@ str_idna_LDADD = $(CMOCKA_LDADD)
tls10_prf_LDADD = $(CMOCKA_LDADD)
tls12_prf_LDADD = $(CMOCKA_LDADD)
eagain_LDADD = $(CMOCKA_LDADD)
+tls12_rehandshake_cert_LDADD = $(CMOCKA_LDADD)
gnutls_record_overhead_CPPFLAGS = $(AM_CPPFLAGS) \
-I$(top_srcdir)/gl \
diff --git a/tests/eagain.c b/tests/eagain.c
index 968f99b839..4eff818e5a 100644
--- a/tests/eagain.c
+++ b/tests/eagain.c
@@ -35,6 +35,9 @@
#include "cert-common.h"
#include "cmocka-common.h"
+/* This tests operation under non-blocking mode in TLS1.2/TLS1.3
+ * as well as operation under TLS1.2 re-handshake.
+ */
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "<%d>| %s", level, str);
@@ -83,7 +86,7 @@ static void async_handshake(void **glob_state, const char *prio, unsigned rehsk)
gnutls_transport_set_ptr(server, server);
/* Init client */
-
+
ret = gnutls_certificate_allocate_credentials(&clientx509cred);
assert_return_code(ret, 0);
@@ -103,7 +106,7 @@ static void async_handshake(void **glob_state, const char *prio, unsigned rehsk)
HANDSHAKE(client, server);
- if (rehsk == 1) {
+ if (rehsk == 1 || rehsk == 3) {
ssize_t n;
char b[1];
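Review bot: `rehsk` is now compared against the bare values 1 and 3 here, and a later hunk passes a literal `3` from `tls12_async_rehandshake_server_appdata`, so the meaning of each mode can only be recovered by reading every caller. A small enum, or a comment on `async_handshake` such as `/* rehsk: 0 = none, 1 and 2 = the existing rehandshake cases, 3 = as 1 plus client app data before the rehandshake */`, would keep the branches readable as more reproducers are added. The `if` block opened here continues outside this hunk.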
@@ -117,6 +120,22 @@ static void async_handshake(void **glob_state, const char *prio, unsigned rehsk)
assert_int_equal(n, GNUTLS_E_REHANDSHAKE);
+ if (rehsk == 3) {
+ /* client sends app data and the server ignores them */
+ do {
+ cret = gnutls_record_send(client, "x", 1);
+ } while (cret == GNUTLS_E_AGAIN);
+
+ do {
+ sret = gnutls_handshake(server);
+ } while (sret == GNUTLS_E_AGAIN);
+ assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA);
+
+ do {
+ n = gnutls_record_recv(server, buffer, sizeof(buffer));
+ } while(n == GNUTLS_E_AGAIN);
+ }
+
HANDSHAKE(client, server);
} else if (rehsk == 2) {
HANDSHAKE(client, server);
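Review bot: The results of the new `gnutls_record_send(client, "x", 1)` and `gnutls_record_recv(server, buffer, sizeof(buffer))` loops are never asserted, so the test passes whether the server delivers the interleaved byte, drops it, or returns a fatal error. Assuming the server is expected to hand the byte to the application, pin that with `assert_int_equal(cret, 1);` after the send loop and `assert_int_equal(n, 1); assert_int_equal(buffer[0], 'x');` after the receive loop. The comment "the server ignores them" also does not match the code, which reads the data back after `GNUTLS_E_GOT_APPLICATION_DATA`. The appdata branch added to tests/tls12-rehandshake-cert.c has the same unchecked pattern; `buffer` is declared outside this hunk.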
@@ -152,6 +171,11 @@ static void tls12_async_rehandshake_server(void **glob_state)
async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 2);
}
+static void tls12_async_rehandshake_server_appdata(void **glob_state)
+{
+ async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 3);
+}
+
static void tls13_async_handshake(void **glob_state)
{
async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0);
@@ -163,6 +187,7 @@ int main(void)
cmocka_unit_test(tls12_async_handshake),
cmocka_unit_test(tls12_async_rehandshake_client),
cmocka_unit_test(tls12_async_rehandshake_server),
+ cmocka_unit_test(tls12_async_rehandshake_server_appdata),
cmocka_unit_test(tls13_async_handshake),
};
return cmocka_run_group_tests(tests, NULL, NULL);
diff --git a/tests/tls12-rehandshake-cert.c b/tests/tls12-rehandshake-cert.c
index 998d997363..226ee6e1f3 100644
--- a/tests/tls12-rehandshake-cert.c
+++ b/tests/tls12-rehandshake-cert.c
@@ -1,7 +1,8 @@
/*
* Copyright (C) 2008-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2018 Red Hat, Inc.
*
- * Author: Simon Josefsson
+ * Author: Simon Josefsson, Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
@@ -15,9 +16,8 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
*/
#ifdef HAVE_CONFIG_H
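Review bot: The replacement notice names the GNU Lesser General Public License, while the unchanged context line just above it still reads "See the GNU General Public License for more details", so the header now refers to two different licenses. The grant paragraph lies outside this hunk, so the intended license cannot be confirmed from here; both sentences should name the same one, e.g. `* You should have received a copy of the GNU General Public License` if the file stays GPL. The link could also use `https://www.gnu.org/licenses/`.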
@@ -29,22 +29,20 @@
#include <string.h>
#include <errno.h>
#include <gnutls/gnutls.h>
-#include "utils.h"
-#include "eagain-common.h"
+
#include "cert-common.h"
+#include "cmocka-common.h"
/* This program tests server initiated rehandshake */
-const char *side = "";
-
static void tls_log_func(int level, const char *str)
{
- fprintf(stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
#define MAX_REHANDSHAKES 16
-void doit(void)
+static void test_rehandshake(void **glob_state, unsigned appdata)
{
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
@@ -54,53 +52,102 @@ void doit(void)
gnutls_certificate_credentials_t clientx509cred;
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
+ char buffer[64];
+ int ret;
unsigned i;
/* General init. */
- global_init();
+ reset_buffers();
+ ret = gnutls_global_init();
+ assert_return_code(ret, 0);
+
gnutls_global_set_log_function(tls_log_func);
- if (debug)
- gnutls_global_set_log_level(6);
/* Init server */
- gnutls_certificate_allocate_credentials(&serverx509cred);
- gnutls_certificate_set_x509_key_mem(serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init(&server, GNUTLS_SERVER);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
- gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL);
+ ret = gnutls_certificate_allocate_credentials(&serverx509cred);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_init(&server, GNUTLS_SERVER);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL);
+ assert_return_code(ret, 0);
+
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
/* Init client */
- gnutls_certificate_allocate_credentials(&clientx509cred);
- gnutls_init(&client, GNUTLS_CLIENT);
- gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
- gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL);
+ ret = gnutls_certificate_allocate_credentials(&clientx509cred);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_init(&client, GNUTLS_CLIENT);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ assert_return_code(ret, 0);
+
+ ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL);
+ assert_return_code(ret, 0);
+
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
HANDSHAKE(client, server);
- for (i=0;i<MAX_REHANDSHAKES;i++) {
- sret = gnutls_rehandshake(server);
- if (debug)
- success("gnutls_rehandshake %d (server)...\n", i);
+ if (appdata) {
+ /* send application data prior to handshake */
+ ssize_t n;
+ char b[1];
- {
- ssize_t n;
- char b[1];
+ do {
+ sret = gnutls_rehandshake(server);
+ } while (sret == GNUTLS_E_AGAIN);
+
+ do {
n = gnutls_record_recv(client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- fail("client did not receive the expected rehandshake error code\n");
- }
+ } while(n == GNUTLS_E_AGAIN);
+
+ assert_int_equal(n, GNUTLS_E_REHANDSHAKE);
+
+ /* client sends app data and the server ignores them */
+ do {
+ cret = gnutls_record_send(client, "x", 1);
+ } while (cret == GNUTLS_E_AGAIN);
+
+ do {
+ sret = gnutls_handshake(server);
+ } while (sret == GNUTLS_E_AGAIN);
+ assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA);
+
+ do {
+ n = gnutls_record_recv(server, buffer, sizeof(buffer));
+ } while(n == GNUTLS_E_AGAIN);
HANDSHAKE(client, server);
+ } else {
+ ssize_t n;
+ char b[1];
+
+ for (i=0;i<MAX_REHANDSHAKES;i++) {
+ sret = gnutls_rehandshake(server);
+
+ n = gnutls_record_recv(client, b, 1);
+ assert_int_equal(n, GNUTLS_E_REHANDSHAKE);
+
+ HANDSHAKE(client, server);
+ }
}
gnutls_bye(client, GNUTLS_SHUT_RDWR);
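Review bot: The return value of `gnutls_rehandshake(server)` is stored in `sret` but never asserted, neither after the retry loop in the `appdata` branch nor inside the `MAX_REHANDSHAKES` loop, although this change adds `assert_return_code` to every setup call. A failure to send the HelloRequest would only surface indirectly through the client-side `GNUTLS_E_REHANDSHAKE` check; add `assert_return_code(sret, 0);` after the call in both places. The non-appdata loop also calls `gnutls_rehandshake` and `gnutls_record_recv` once each without the `GNUTLS_E_AGAIN` retry used in the other branch, and the appdata path exercises a single rehandshake rather than `MAX_REHANDSHAKES`. `test_rehandshake` starts before and ends after this hunk.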
@@ -114,3 +161,22 @@ void doit(void)
gnutls_global_deinit();
}
+
+static void tls12_rehandshake_server(void **glob_state)
+{
+ test_rehandshake(glob_state, 0);
+}
+
+static void tls12_rehandshake_server_appdata(void **glob_state)
+{
+ test_rehandshake(glob_state, 1);
+}
+
+int main(void)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(tls12_rehandshake_server),
+ cmocka_unit_test(tls12_rehandshake_server_appdata),
+ };
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}