Point to the processing of multiple tickets #161

wants to merge 1 commit into
base: tls13-prototype
125 changes: 64 additions & 61 deletions programs/ssl/ssl_client2.c
@@ -3382,12 +3382,73 @@ int main( int argc, char *argv[] )
goto close_notify;

#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET)

case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
/* We were waiting for application data but got a NewSessionTicket instead. */
/* We received a ticket via the NewSessionTicket message.
Collaborator

From what I see, this code-path is specific to TLS 1.3 and has been removed from TLS 1.2 code below, but tickets are also used in TLS 1.2. I would like to make sure that our work on the prototype does not make it deviate further from a dual-build with 1.2.

Could you fix this?

Owner Author

The MBEDTLS_SSL_NEW_SESSION_TICKET is TLS 1.3 specific but I will double-check that I didn't make any mistake here.

*
* Note that this code stores only a single session ticket in
* session_data. If two tickets are received via two
* NewSessionTicket messages and they are not stored separately
* then the content of the previously received ticket will be
* overwritten by the most recently received ticket.
*/
mbedtls_printf( " got ticket.\n" );
continue;

if( opt.reconnect != 0 )
{
mbedtls_printf(" . Saving ticket for reuse..." );
fflush( stdout );

if( opt.reco_mode == 1 )
{
/* free any previously saved data */
if( session_data != NULL )
{
mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
session_data = NULL;
}

/* get size of the buffer needed */
mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
NULL, 0, &session_data_len );
session_data = mbedtls_calloc( 1, session_data_len );
if( session_data == NULL )
{
mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
(unsigned) session_data_len );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}

/* actually save session data */
if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
session_data, session_data_len,
&session_data_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
(unsigned int) -ret );
goto exit;
}
}
else
{
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
}

mbedtls_printf( " ok\n" );

if( opt.reco_mode == 1 )
{
mbedtls_printf( " [ Saved %u bytes of session data]\n",
(unsigned) session_data_len );
}
}
continue;
#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */

#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
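Review bot: this case shows two `continue;` statements, one immediately after `mbedtls_printf( " got ticket.\n" );` and one after the closing brace of the `if( opt.reconnect != 0 )` block, and only one of them may survive the merge, because a `continue;` sitting before `if( opt.reconnect != 0 )` makes the entire ticket-saving block unreachable. The rendered view does not mark which lines are deletions, so please confirm the merged file reads `mbedtls_printf( " got ticket.\n" );` followed directly by the `if( opt.reconnect != 0 )` block and a single `continue;` at its end. Two smaller points in the same block: the error string `mbedtls_ssl_session_saved returned -0x%04x` names a function that does not exist (the call is `mbedtls_ssl_session_save`), a typo carried over from the block being removed further down, and the size-probing call `mbedtls_ssl_session_save( ..., NULL, 0, &session_data_len )` discards its return value, so if it fails the code goes on to `mbedtls_calloc` with whatever `session_data_len` held before (the free above it resets `session_data` to NULL but not `session_data_len`); checking that result, or at least that `session_data_len != 0`, before allocating would make the failure explicit. Lastly, since the comment already states that a second NewSessionTicket overwrites the first, it would help to say in the same comment that with `opt.reconnect` set every ticket now triggers a full zeroize/free/save cycle, so readers do not mistake the repeated work for an omission.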
@@ -3468,64 +3529,6 @@ int main( int argc, char *argv[] )
ret = 0;
}

#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET)
if( opt.reconnect != 0 )
{
mbedtls_printf(" . Saving session for reuse..." );
fflush( stdout );

if( opt.reco_mode == 1 )
{
/* free any previously saved data */
if( session_data != NULL )
{
mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
session_data = NULL;
}

/* get size of the buffer needed */
mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
NULL, 0, &session_data_len );
session_data = mbedtls_calloc( 1, session_data_len );
if( session_data == NULL )
{
mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
(unsigned) session_data_len );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}

/* actually save session data */
if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
session_data, session_data_len,
&session_data_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
(unsigned int) -ret );
goto exit;
}
}
else
{
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
}

mbedtls_printf( " ok\n" );

if( opt.reco_mode == 1 )
{
mbedtls_printf( " [ Saved %u bytes of session data]\n",
(unsigned) session_data_len );
}
}
#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */

/*
* 7b. Simulate hard reset and reconnect from same port?
*/
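Review bot: deleting this post-read-loop block changes when the session is captured, not only where the code lives: here, with `opt.reconnect != 0`, the save ran once after the read loop finished (right after `ret = 0;`) on whatever session state the connection had at that point, whereas after the move it runs only when `MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET` is actually observed inside the loop. A run in which no NewSessionTicket arrives before the client stops reading therefore reaches step 7b (`Simulate hard reset and reconnect`) with `session_data == NULL` in `reco_mode == 1`, or with an untouched `saved_session` otherwise, where previously at least the current session would have been saved. Please either keep a fallback save at this point for the no-ticket case or make the 7b step fail with a clear message when nothing was saved, rather than reconnecting with empty session state.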