diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b2d5574fc8..89912c606f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -628,9 +628,15 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
 #endif
 /* TODO: Document */
-typedef int mbedtls_ssl_cache_get_t( void *data, mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_get_t( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session );
 /* TODO: Document */
-typedef int mbedtls_ssl_cache_set_t( void *data, const mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_set_t( void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session );
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index c6ef2960f4..cb55f7f96f 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
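Review bot: Both callback typedefs gain `session_id` and `session_id_len` but keep the `/* TODO: Document */` placeholder, so the contract a third-party cache has to honour is stated nowhere in the public header: that a match means equal length and equal bytes (not a prefix match), that the callers in ssl_srv.c and ssl_tls.c treat any non-zero return as a miss or a failed store, and, for the get callback, that \p session is written only on a hit. A Doxygen block on each typedef giving the four parameters and that return convention would close the gap; the wording added to ssl_cache.h in this same commit can be reused almost verbatim. As a point of style, the new parameters are written `unsigned char const *session_id` while the declaration next to them writes `const mbedtls_ssl_session *session`; `const unsigned char *session_id` matches the surrounding code.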
@@ -99,19 +99,32 @@ void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); * \brief Cache get callback implementation * (Thread-safe if MBEDTLS_THREADING_C is enabled) * - * \param data SSL cache context - * \param session session to retrieve entry for + * \param data The SSL cache context to use. + * \param session_id The pointer to the buffer holding the session ID + * for the session to load. + * \param session_id_len The length of \p session_id in bytes. + * \param session The address at which to store the session + * associated with \p session_id, if present. */ -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); +int mbedtls_ssl_cache_get( void *data, + unsigned char const *session_id, + size_t session_id_len, + mbedtls_ssl_session *session ); /** * \brief Cache set callback implementation * (Thread-safe if MBEDTLS_THREADING_C is enabled) * - * \param data SSL cache context - * \param session session to store entry for + * \param data The SSL cache context to use. + * \param session_id The pointer to the buffer holding the session ID + * associated to \p session. + * \param session_id_len The length of \p session_id in bytes. + * \param session The session to store. */ -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); +int mbedtls_ssl_cache_set( void *data, + unsigned char const *session_id, + size_t session_id_len, + const mbedtls_ssl_session *session ); #if defined(MBEDTLS_HAVE_TIME) /** diff --git a/library/ssl_cache.c b/library/ssl_cache.c index ce85157d2f..e0e2177964 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -50,7 +50,10 @@ void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) #endif } -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) +int mbedtls_ssl_cache_get( void *data, + unsigned char const *session_id, + size_t session_id_len, + mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) 
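Review bot: The new \param text for mbedtls_ssl_cache_get and mbedtls_ssl_cache_set still has no \return, and the return value is exactly what the callers key on: ssl_srv.c jumps to exit on any non-zero value from f_get_cache and ssl_tls.c logs "cache did not store session" on the same. Add `\return 0 if an entry matching \p session_id was found and copied to \p session, a non-zero value otherwise.` to the get block and `\return 0 if the session was stored, a non-zero value otherwise.` to the set block. It would also help callers to state that \p session_id_len must equal the stored entry's length for a match (the implementation compares lengths before bytes) and, for set, that \p session_id is expected to be the ID carried by \p session — the stored key appears to be taken from \p session rather than from \p session_id, though the copy is outside this hunk, so that should be confirmed before it is written down.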
@@ -78,8 +81,8 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) continue; #endif - if( session->id_len != entry->session.id_len || - memcmp( session->id, entry->session.id, + if( session_id_len != entry->session.id_len || + memcmp( session_id, entry->session.id, entry->session.id_len ) != 0 ) { continue; @@ -135,7 +138,10 @@ exit: return( ret ); } -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) +int mbedtls_ssl_cache_set( void *data, + unsigned char const *session_id, + size_t session_id_len, + const mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) @@ -167,8 +173,11 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) } #endif - if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 ) + if( session_id_len == cur->session.id_len && + memcmp( session_id, cur->session.id, cur->session.id_len ) == 0 ) + { break; /* client reconnected, keep timestamp for session id */ + } #if defined(MBEDTLS_HAVE_TIME) if( oldest == 0 || cur->timestamp < oldest ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 40ad490d8e..784ab2d516 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2784,10 +2784,9 @@ static void ssl_check_id_based_session_resumption( mbedtls_ssl_context *ssl ) return; #endif - session_tmp.id_len = session->id_len; - memcpy( session_tmp.id, session->id, session->id_len ); - ret = ssl->conf->f_get_cache( ssl->conf->p_cache, + session->id, + session->id_len, &session_tmp ); if( ret != 0 ) goto exit; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 67fcebfddc..c26f68bee2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
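Review bot: The reconnect test in the new `if( session_id_len == cur->session.id_len && memcmp( session_id, cur->session.id, cur->session.id_len ) == 0 )` fixes the old length-unchecked comparison but still accepts an empty ID: with session_id_len == 0 the length test and a zero-length memcmp both succeed against any entry whose id_len is 0, so that entry is treated as the client reconnecting and overwritten. The only in-tree caller, mbedtls_ssl_handshake_wrapup in ssl_tls.c, calls f_set_cache only when ssl->session->id_len != 0, but this is the public callback implementation and nothing in the function rejects the case itself. A guard at the top of mbedtls_ssl_cache_set, before any lock is taken, `if( session_id_len == 0 ) return( 1 );` reuses the failure value the function already initialises `ret` with; the same guard fits mbedtls_ssl_cache_get. The function's start and the code that copies the entry are outside the hunk, so whether the stored key comes from session_id or from session->id cannot be confirmed here.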
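Review bot: With the `session_tmp.id_len = session->id_len;` and `memcpy( session_tmp.id, ... )` lines removed, session_tmp no longer carries the ID the client presented, and everything after a successful f_get_cache relies on the callback having written id and id_len into \p session. The built-in mbedtls_ssl_cache_get copies a whole cached entry, but f_get_cache is a user-replaceable callback, and an implementation that restores only the keying material would report a hit while leaving session_tmp with whatever ID it was initialised with — presumably none — so any later use of the negotiated ID would be inconsistent with the lookup key, though that code is outside the hunk. Either document on the callback that a hit must restore the ID, or keep the caller robust by re-adding `session_tmp.id_len = session->id_len;` and `memcpy( session_tmp.id, session->id, session->id_len );` after the `if( ret != 0 ) goto exit;` check, so the negotiated ID is always the one that was looked up. ssl_check_id_based_session_resumption starts before and continues past the hunk.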
@@ -3411,7 +3411,10 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) ssl->session->id_len != 0 && resume == 0 ) { - if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) + if( ssl->conf->f_set_cache( ssl->conf->p_cache, + ssl->session->id, + ssl->session->id_len, + ssl->session ) != 0 ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); }