From f878707b8f41c675ca4b0e93e1fe751ffbfcc9ab Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 16 May 2019 12:41:07 +0100
Subject: [PATCH] Add configuration identifier to serialized SSL sessions

This commit adds space for two bytes in the header of serizlied SSL sessions which can be used to determine the structure of the remaining serialized session in the respective version of Mbed TLS. Specifically, if parts of the session depend on whether specific compile-time options are set or not, the setting of these options can be encoded in the added space. This commit doesn't yet make use of the fields.
---
 library/ssl_tls.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b6c585f4d5..ca52752c28 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9848,17 +9848,26 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 * and structure of the ticket.
 */
 
- static unsigned char ssl_serialized_session_header[] = {
- MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR,
- MBEDTLS_VERSION_PATCH,
- };
+static unsigned char ssl_serialized_session_header[] = {
+ MBEDTLS_VERSION_MAJOR,
+ MBEDTLS_VERSION_MINOR,
+ MBEDTLS_VERSION_PATCH,
+ 0xFF /* TBD */,
+ 0xFF /* TBD */
+};
 
 /*
 * Serialize a session in the following format:
 * (in the presentation language of TLS, RFC 8446 section 3)
 *
 * opaque mbedtls_version[3]; // major, minor, patch
+ * opaque session_format[2]; // version-specific 16-bit field determining
+ * // the format of the remaining serialized
+ * // data. For example, it could be a bitfield
+ * // indicating the setting of those compile-
+ * // time configuration options influencing
+ * // the format of the serialized data.
+ * // Unused so far.
 * uint64 start_time;
 * uint8 ciphersuite[2]; // defined by the standard
 * uint8 compression; // 0 or 1
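Review bot: `ssl_serialized_session_header` is still a writable `static unsigned char[]`, although it is the reference value that decides how the rest of a serialized session is interpreted. Declaring it `static const unsigned char ssl_serialized_session_header[] = {` would keep it in read-only data, away from stray writes. The array grows from three to five bytes here, and the save/load code that consumes it is outside this hunk. If that code hard-codes a length of 3 it would treat the two format bytes as session data, so it is worth confirming that it uses `sizeof( ssl_serialized_session_header )` and rejects any blob whose full prefix differs. The `0xFF /* TBD */` placeholders would also read better with a comment saying they are reserved until the configuration bitfield is defined.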