From 57a348ba8cf08df3345d4d255bab2cfb15ce9a58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 May 2019 12:46:26 +0200 Subject: [PATCH] Add tests for session copy without serialisation --- programs/ssl/ssl_client2.c | 53 ++++++++++++++++++++++++++++---------- tests/ssl-opt.sh | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 13 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index da27f0eaf..4b5674a0c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -103,6 +103,7 @@ int main( void ) #define DFL_DHMLEN -1 #define DFL_RECONNECT 0 #define DFL_RECO_DELAY 0 +#define DFL_RECO_MODE 1 #define DFL_CID_ENABLED 0 #define DFL_CID_VALUE "" #define DFL_CID_ENABLED_RENEGO -1 @@ -309,8 +310,11 @@ int main( void ) " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ - " reconnect=%%d default: 0 (disabled)\n" \ + " reconnect=%%d number of reconnections using session resumption\n" \ + " default: 0 (disabled)\n" \ " reco_delay=%%d default: 0 seconds\n" \ + " reco_mode=%%d 0: copy session, 1: serialise session\n" \ + " default: 1\n" \ " reconnect_hard=%%d default: 0 (disabled)\n" \ USAGE_TICKETS \ USAGE_MAX_FRAG_LEN \ @@ -392,6 +396,7 @@ struct options int dhmlen; /* minimum DHM params len in bits */ int reconnect; /* attempt to resume session */ int reco_delay; /* delay in seconds before resuming session */ + int reco_mode; /* how to keep the session around */ int reconnect_hard; /* unexpectedly reconnect from the same port */ int tickets; /* enable / disable session tickets */ const char *curves; /* list of supported elliptic curves */ @@ -807,6 +812,7 @@ int main( int argc, char *argv[] ) opt.dhmlen = DFL_DHMLEN; opt.reconnect = DFL_RECONNECT; opt.reco_delay = DFL_RECO_DELAY; + opt.reco_mode = DFL_RECO_MODE; opt.reconnect_hard = DFL_RECONNECT_HARD; opt.tickets = DFL_TICKETS; opt.alpn_string = DFL_ALPN_STRING; @@ -973,6 +979,12 @@ int main( int argc, char *argv[] ) if( opt.reco_delay < 0 ) goto usage; } + else if( strcmp( p, "reco_mode" ) == 0 ) + { + opt.reco_mode = atoi( q ); + if( opt.reco_mode < 0 ) + goto usage; + } else if( strcmp( p, "reconnect_hard" ) == 0 ) { opt.reconnect_hard = atoi( q ); @@ -1865,13 +1877,25 @@ int main( int argc, char *argv[] ) mbedtls_printf(" . Saving session for reuse..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), - session_data, sizeof( session_data ), - &session_data_len ) ) != 0 ) + if( opt.reco_mode == 1 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", - -ret ); - goto exit; + if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), + session_data, sizeof( session_data ), + &session_data_len ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", + -ret ); + goto exit; + } + } + else + { + if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", + -ret ); + goto exit; + } } mbedtls_printf( " ok\n" ); @@ -2310,13 +2334,16 @@ reconnect: goto exit; } - if( ( ret = mbedtls_ssl_session_load( &saved_session, - session_data, - session_data_len ) ) != 0 ) + if( opt.reco_mode == 1 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", - -ret ); - goto exit; + if( ( ret = mbedtls_ssl_session_load( &saved_session, + session_data, + session_data_len ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", + -ret ); + goto exit; + } } if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ea177c30..d6683b41e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2071,6 +2071,20 @@ run_test "Session resume using tickets: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" +run_test "Session resume using tickets: session copy" \ + "$P_SRV debug_level=3 tickets=1 cache_max=0" \ + "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + run_test "Session resume using tickets: openssl server" \ "$O_SRV" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2136,6 +2150,20 @@ run_test "Session resume using tickets, DTLS: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" +run_test "Session resume using tickets, DTLS: session copy" \ + "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ + "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_mode=0" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + run_test "Session resume using tickets, DTLS: openssl server" \ "$O_SRV -dtls1" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ @@ -2232,6 +2260,15 @@ run_test "Session resume using cache: no timeout" \ -s "a session has been resumed" \ -c "a session has been resumed" +run_test "Session resume using cache: session copy" \ + "$P_SRV debug_level=3 tickets=0" \ + "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ + 0 \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + run_test "Session resume using cache: openssl client" \ "$P_SRV debug_level=3 tickets=0" \ "( $O_CLI -sess_out $SESSION; \ @@ -2327,6 +2364,15 @@ run_test "Session resume using cache, DTLS: no timeout" \ -s "a session has been resumed" \ -c "a session has been resumed" +run_test "Session resume using cache, DTLS: session copy" \ + "$P_SRV dtls=1 debug_level=3 tickets=0" \ + "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ + 0 \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "( $O_CLI -dtls1 -sess_out $SESSION; \