Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 707af294a8af53160bd94c1dc788f8587092d997^! / . / ssl / ssl_test.cc
commit707af294a8af53160bd94c1dc788f8587092d997[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Mar 10 17:47:18 2017 -0500
committerAdam Langley <agl@google.com>Sat Mar 11 00:05:29 2017 +0000
treea8d294bd30eb7ef34d4a38887a2ac638a5499cd3
parent4c341d0299c9eef218a5e7219d0b12da0d88dd42 [diff] [blame]
Support asynchronous ticket decryption with TLS 1.3.

This shuffles a bit of the code around session resumption in TLS 1.3 to
make the async point cleaner to inject. It also fills in cipher and
tlsext_hostname more uniformly.

Filling in the cipher on resumption is a no-op as SSL_SESSION_dup
already copies it, but avoids confusion should we ever implement TLS
1.3's laxer cipher matching on the server. Not filling in
tlsext_hostname on resumption was an oversight; the relevant check isn't
whether we are resuming but whether we have a fresh SSL_SESSION to fill
things into.

Change-Id: Ic02eb079ff228ce4a4d3e0de7445e18cd367e8b2
Reviewed-on: https://boringssl-review.googlesource.com/14205
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 719bdab..6b150e8 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc

@@ -3427,6 +3427,7 @@
   SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
   SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
   SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
+  SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
 
   SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
 
@@ -3447,10 +3448,13 @@
   EXPECT_FALSE(SSL_session_reused(client.get()));
   EXPECT_FALSE(SSL_session_reused(server.get()));
 
-  SSL_SESSION *session = SSL_get_session(client.get());
+  // Run the read loop to account for post-handshake tickets in TLS 1.3.
+  SSL_read(client.get(), nullptr, 0);
+
+  bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
   ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
                                          server_ctx.get(), retry_count,
-                                         failure_mode, session);
+                                         failure_mode, session.get());
   switch (failure_mode) {
     case ssl_test_ticket_aead_ok:
       ASSERT_TRUE(client);
@@ -3473,7 +3477,7 @@
 INSTANTIATE_TEST_CASE_P(
     TicketAEADMethodTests, TicketAEADMethodTest,
     testing::Combine(
-        testing::Values(TLS1_2_VERSION /*, TLS1_3_VERSION TODO: enable */),
+        testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
         testing::Values(0, 1, 2),
         testing::Values(ssl_test_ticket_aead_ok,
                         ssl_test_ticket_aead_seal_fail,