Add session ID as explicit parameter to SSL session cache API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b2d5574..89912c6 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -628,9 +628,15 @@
#endif
/* TODO: Document */
-typedef int mbedtls_ssl_cache_get_t( void *data, mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_get_t( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session );
/* TODO: Document */
-typedef int mbedtls_ssl_cache_set_t( void *data, const mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_set_t( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
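Review bot: Both `/* TODO: Document */` placeholders at the top of this hunk survive a change to the callback contract, so ssl.h still says nothing about what `session_id`/`session_id_len` are or how they relate to the `session` argument that a custom implementation also receives. Replacing each placeholder with a Doxygen block modelled on the ones this commit adds to ssl_cache.h would settle that: for the get callback, `\param session_id`/`\param session_id_len` as the lookup key, `\param session` as the output written on a hit, and a `\return` line (ssl_cache.c initialises `ret = 1` and the caller in ssl_srv.c treats non-zero as "not found", so that appears to be the convention to state); for the set callback, say explicitly whether `session_id` must equal `session->id`/`session->id_len`, since ssl_tls.c passes exactly those. The get block should also state that the callback must fill `session` completely, including `id` and `id_len`, now that ssl_srv.c no longer pre-populates them.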
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index c6ef296..cb55f7f 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -99,19 +99,32 @@
* \brief Cache get callback implementation
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
*
- * \param data SSL cache context
- * \param session session to retrieve entry for
+ * \param data The SSL cache context to use.
+ * \param session_id The pointer to the buffer holding the session ID
+ * for the session to load.
+ * \param session_id_len The length of \p session_id in bytes.
+ * \param session The address at which to store the session
+ * associated with \p session_id, if present.
*/
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_get( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session );
/**
* \brief Cache set callback implementation
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
*
- * \param data SSL cache context
- * \param session session to store entry for
+ * \param data The SSL cache context to use.
+ * \param session_id The pointer to the buffer holding the session ID
+ * associated to \p session.
+ * \param session_id_len The length of \p session_id in bytes.
+ * \param session The session to store.
*/
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_set( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session );
#if defined(MBEDTLS_HAVE_TIME)
/**
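Review bot: The rewritten parameter docs for `mbedtls_ssl_cache_get` and `mbedtls_ssl_cache_set` still carry no `\return`, and the return value is the one thing every caller has to act on (`if( ret != 0 ) goto exit;` in ssl_srv.c). Adding `\return 0 if the session was found (resp. stored), a non-zero value otherwise` keeps the header self-contained; the implementation starts from `int ret = 1;`, so the exact values should be confirmed against ssl_cache.c before the wording is fixed. The get block could also say whether `session` is left untouched on a miss, if that is what the implementation guarantees (not visible in this diff).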
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index ce85157..e0e2177 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -50,7 +50,10 @@
#endif
}
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_get( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session )
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
@@ -78,8 +81,8 @@
continue;
#endif
- if( session->id_len != entry->session.id_len ||
- memcmp( session->id, entry->session.id,
+ if( session_id_len != entry->session.id_len ||
+ memcmp( session_id, entry->session.id,
entry->session.id_len ) != 0 )
{
continue;
@@ -135,7 +138,10 @@
return( ret );
}
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_set( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session )
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
@@ -167,8 +173,11 @@
}
#endif
- if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
+ if( session_id_len == cur->session.id_len &&
+ memcmp( session_id, cur->session.id, cur->session.id_len ) == 0 )
+ {
break; /* client reconnected, keep timestamp for session id */
+ }
#if defined(MBEDTLS_HAVE_TIME)
if( oldest == 0 || cur->timestamp < oldest )
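Review bot: Inside this hunk `session_id` serves only as the lookup key for the reconnect case, and the insert path after the loop is outside the hunk; if that path still copies the new entry from `*session`, an entry stored under a `session_id` that differs from `session->id` would later be matched by `mbedtls_ssl_cache_get` on `session->id`, not on the key it was set with. The callers in this commit pass `ssl->session->id`/`id_len` alongside `ssl->session`, so the two agree today, but the API no longer enforces it. Either document the requirement in ssl_cache.h or reject the mismatch up front with `if( session_id_len != session->id_len || memcmp( session_id, session->id, session_id_len ) != 0 ) return( 1 );` near the top of the function, which is outside this hunk.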
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 40ad490..784ab2d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2784,10 +2784,9 @@
return;
#endif
- session_tmp.id_len = session->id_len;
- memcpy( session_tmp.id, session->id, session->id_len );
-
ret = ssl->conf->f_get_cache( ssl->conf->p_cache,
+ session->id,
+ session->id_len,
&session_tmp );
if( ret != 0 )
goto exit;
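Review bot: After this change `session_tmp` reaches `f_get_cache` without its `id`/`id_len` having been set, so the callback is now the only place that fills those fields; a custom cache implementation written against the old contract, which received the id in `session`, would now hand back a `session_tmp` whose id fields are whatever the earlier initialisation (outside the hunk) left there. A comment before the call makes the new expectation explicit: `/* f_get_cache must fill session_tmp completely, including id and id_len; the looked-up id is now passed only as session->id. */`. If the code after the `goto exit` compares other `session_tmp` fields against `session`, an explicit `session_tmp.id_len == session->id_len` check alongside them would make an id mismatch fail closed rather than resume silently; the enclosing function starts and ends outside this hunk.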
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 67fcebf..c26f68b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3411,7 +3411,10 @@
ssl->session->id_len != 0 &&
resume == 0 )
{
- if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
+ if( ssl->conf->f_set_cache( ssl->conf->p_cache,
+ ssl->session->id,
+ ssl->session->id_len,
+ ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
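Review bot: The `if( ssl->conf->f_set_cache( ... ) != 0 )` at the end of this hunk now spans four lines with an unbraced single-statement body, which is exactly the shape where a later added statement silently falls outside the conditional; bracing it as `{ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); }` costs two lines and matches the braces this same commit adds around the `break` in ssl_cache.c. The id arguments are taken from the same `ssl->session` that is passed as the fourth parameter, so the call is consistent with the key the default cache compares on.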