{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1754121882, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"1f558fddc9f057f74e6a3ecdcf1d74b0", "commit": {"type":"commit", "time": 1501589392, "time_ofs": 60, "oid_tree": { "oid": "542efd5bb0de350492a5605f56a812f5a77b250d", "alias": []}, "oid":{ "oid": "c0537ebdf1e85e52923d05aa5d83496e97d121a3", "alias": []}, "msg": "Add a test to check we get a new session even if s-\u003ehit is true in TLSv1.3", "sig_commit": { "git_time": { "time": 1501589392, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1501585071, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }}, "body": "Add a test to check we get a new session even if s-\u003ehit is true in TLSv1.3\n\nIn TLSv1.3 we can resume, but still get a new session. This adds a test to\nmake sure that is happening.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\nReviewed-by: Ben Kaduk \u003ckaduk@mit.edu\u003e\n(Merged from https://github.com/openssl/openssl/pull/4068)\n" , "diff": "diff --git a/test/sslapitest.c b/test/sslapitest.c\nindex d8324f8..a2917da 100644\n--- a/test/sslapitest.c\n+++ b/test/sslapitest.c\n@@ -786,6 +786,11 @@ static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)\n static int new_session_cb(SSL *ssl, SSL_SESSION *sess)\n {\n new_called++;\n+ /*\n+ * sess has been up-refed for us, but we don't actually need it so free it\n+ * immediately.\n+ */\n+ SSL_SESSION_free(sess);\n return 1;\n }\n \n@@ -842,6 +847,32 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)\n if (fix.use_ext_cache \u0026\u0026 (new_called !\u003d 1 || remove_called !\u003d 0))\n goto end;\n \n+#if !defined(OPENSSL_NO_TLS1_3)\n+ new_called \u003d remove_called \u003d 0;\n+ if (!TEST_true(create_ssl_objects(sctx, cctx, \u0026serverssl2,\n+ \u0026clientssl2, NULL, NULL))\n+ || !TEST_true(SSL_set_session(clientssl2, sess1))\n+ || !TEST_true(create_ssl_connection(serverssl2, clientssl2,\n+ SSL_ERROR_NONE))\n+ || !TEST_true(SSL_session_reused(clientssl2)))\n+ goto end;\n+\n+ /*\n+ * In TLSv1.3 we should have created a new session even though we have\n+ * resumed. The original session should also have been removed.\n+ */\n+ if (fix.use_ext_cache \u0026\u0026 !TEST_true((new_called \u003d\u003d 1\n+ \u0026\u0026 remove_called \u003d\u003d 1)))\n+ goto end;\n+\n+ SSL_SESSION_free(sess1);\n+ if (!TEST_ptr(sess1 \u003d SSL_get1_session(clientssl2)))\n+ goto end;\n+ shutdown_ssl_connection(serverssl2, clientssl2);\n+ serverssl2 \u003d clientssl2 \u003d NULL;\n+#endif\n+\n+ new_called \u003d remove_called \u003d 0;\n if (!TEST_true(create_ssl_objects(sctx, cctx, \u0026serverssl2,\n \u0026clientssl2, NULL, NULL))\n || !TEST_true(create_ssl_connection(serverssl2, clientssl2,\n@@ -851,16 +882,17 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)\n if (!TEST_ptr(sess2 \u003d SSL_get1_session(clientssl2)))\n goto end;\n \n- if (fix.use_ext_cache \u0026\u0026 (new_called !\u003d 2 || remove_called !\u003d 0))\n+ if (fix.use_ext_cache \u0026\u0026 !TEST_true(new_called \u003d\u003d 1 \u0026\u0026 remove_called \u003d\u003d 0))\n goto end;\n \n+ new_called \u003d remove_called \u003d 0;\n /*\n * This should clear sess2 from the cache because it is a \u0022bad\u0022 session.\n * See SSL_set_session() documentation.\n */\n if (!TEST_true(SSL_set_session(clientssl2, sess1)))\n goto end;\n- if (fix.use_ext_cache \u0026\u0026 (new_called !\u003d 2 || remove_called !\u003d 1))\n+ if (fix.use_ext_cache \u0026\u0026 !TEST_true(new_called \u003d\u003d 0 \u0026\u0026 remove_called \u003d\u003d 1))\n goto end;\n if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))\n goto end;\n@@ -870,35 +902,30 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)\n if (!TEST_true(SSL_CTX_add_session(cctx, sess2))\n || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))\n goto end;\n-\n- /*\n- * This is for the purposes of internal cache testing...ignore the\n- * counter for external cache\n- */\n- if (fix.use_ext_cache)\n- remove_called--;\n }\n \n+ new_called \u003d remove_called \u003d 0;\n /* This shouldn't be in the cache so should fail */\n if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))\n goto end;\n \n- if (fix.use_ext_cache \u0026\u0026 (new_called !\u003d 2 || remove_called !\u003d 2))\n+ if (fix.use_ext_cache \u0026\u0026 !TEST_true(new_called \u003d\u003d 0 \u0026\u0026 remove_called \u003d\u003d 1))\n goto end;\n \n #if !defined(OPENSSL_NO_TLS1_1) \u0026\u0026 !defined(OPENSSL_NO_TLS1_2)\n+ new_called \u003d remove_called \u003d 0;\n /* Force a connection failure */\n SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);\n if (!TEST_true(create_ssl_objects(sctx, cctx, \u0026serverssl3,\n \u0026clientssl3, NULL, NULL))\n || !TEST_true(SSL_set_session(clientssl3, sess1))\n- /* This should fail because of the mismatched protocol versions */\n+ /* This should fail because of the mismatched protocol versions */\n || !TEST_false(create_ssl_connection(serverssl3, clientssl3,\n SSL_ERROR_NONE)))\n goto end;\n \n /* We should have automatically removed the session from the cache */\n- if (fix.use_ext_cache \u0026\u0026 (new_called !\u003d 2 || remove_called !\u003d 3))\n+ if (fix.use_ext_cache \u0026\u0026 !TEST_true(new_called \u003d\u003d 0 \u0026\u0026 remove_called \u003d\u003d 1))\n goto end;\n \n /* Should succeed because it should not already be in the cache */\n@@ -919,14 +946,6 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)\n #endif\n SSL_SESSION_free(sess1);\n SSL_SESSION_free(sess2);\n-\n- /*\n- * Check if we need to remove any sessions up-refed for the external cache\n- */\n- if (new_called \u003e\u003d 1)\n- SSL_SESSION_free(sess1);\n- if (new_called \u003e\u003d 2)\n- SSL_SESSION_free(sess2);\n SSL_CTX_free(sctx);\n SSL_CTX_free(cctx);\n \n","s":{"c":1754121882,"u": 43321}} ],"g": 44771,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}