mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-01 04:20:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change time resolution of reco_delay from second to millionseconds

Browse Source 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of #6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-12-05 15:55:24 +08:00
parent f05b6eed0c
commit a15af37867
3 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
programs/ssl/ssl_client2.c
View File

@ -424,7 +424,7 @@ int main( void )
" reconnect=%%d number of reconnections using session resumption\n" \
" default: 0 (disabled)\n" \
" reco_server_name=%%s default: NULL\n" \
" reco_delay=%%d default: 0 seconds\n" \
" reco_delay=%%d default: 0 millionseconds\n" \
" reco_mode=%%d 0: copy session, 1: serialize session\n" \
" default: 1\n" \
" reconnect_hard=%%d default: 0 (disabled)\n" \
@ -3184,7 +3184,7 @@ reconnect:
#if defined(MBEDTLS_TIMING_C)
if( opt.reco_delay > 0 )
mbedtls_net_usleep( 1000000 * opt.reco_delay );
mbedtls_net_usleep( 1000 * opt.reco_delay );
#endif
mbedtls_printf( " . Reconnecting with saved session..." );

4
tests/opt-testcases/tls13-misc.sh
View File

@ -274,7 +274,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \
1 \
-c "Reconnecting with saved session" \
-c "NewSessionTicket: early_data(42) extension received." \
@ -295,7 +295,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \
0 \
-c "Reconnecting with saved session" \
-C "NewSessionTicket: early_data(42) extension received." \

14
tests/ssl-opt.sh
View File

@ -3632,7 +3632,7 @@ run_test "Session resume using tickets: cache disabled" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
@ -3942,7 +3942,7 @@ run_test "Session resume using tickets, DTLS: cache disabled" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: timeout" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
@ -4066,7 +4066,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: timeout < delay" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
0 \
-S "session successfully restored from cache" \
-S "session successfully restored from ticket" \
@ -4077,7 +4077,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache: no timeout" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
0 \
-s "session successfully restored from cache" \
-S "session successfully restored from ticket" \
@ -4213,7 +4213,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: timeout < delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \
0 \
-S "session successfully restored from cache" \
-S "session successfully restored from ticket" \
@ -4224,7 +4224,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test "Session resume using cache, DTLS: no timeout" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \
0 \
-s "session successfully restored from cache" \
-S "session successfully restored from ticket" \
@ -9880,7 +9880,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
key_file=data_files/server8.key \
hs_timeout=10000-60000 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1" \
mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
0 \
-S "autoreduction" \
-s "found fragmented DTLS handshake message" \