From 37a5324c747f521f7fdf3d8c58211f71c7cfae00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 20 May 2019 11:12:28 +0200
Subject: [PATCH] Add mbedtls_ssl_get_session_pointer()

Avoid useless copy with mbedtls_ssl_get_session() before serialising.

Used in ssl_client2 for testing and demonstrating usage, but unfortunately that means mbedtls_ssl_get_session() is no longer tested, which will be fixed in the next commit.
---
 include/mbedtls/ssl.h | 19 ++++++++++++++++++-
 library/ssl_tls.c | 8 ++++++++
 programs/ssl/ssl_client2.c | 13 +------------
 3 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6e7ab70de..746bb1ee0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2184,7 +2184,7 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
 * of session cache or session tickets.
 *
 * \see mbedtls_ssl_session_load()
- * \see mbedtls_ssl_get_session()
+ * \see mbedtls_ssl_get_session_pointer()
 *
 * \param session The session structure to be saved.
 * \param buf The buffer to write the serialized data to. It must be a
@@ -2201,6 +2201,23 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
 size_t buf_len,
 size_t *olen );

+/**
+ * \brief Get a pointer to the current session structure, for example
+ * to serialise it.
+ *
+ * \warning Ownership of the session remains with the SSL context - the
+ * returned pointer must not be kept after the connection has
+ * ended or been renegotiated.
+ *
+ * \see mbedtls_ssl_session_save()
+ *
+ * \param ssl SSL context
+ *
+ * \return A pointer to the current session if successful,
+ * NULL if no session is active.
+ */
+const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl );
+
 /**
 * \brief Set the list of allowed ciphersuites and the preference
 * order. First in the list has the highest preference.
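Review bot: The \warning on the new mbedtls_ssl_get_session_pointer() declaration names only the end of the connection and renegotiation as events that invalidate the pointer, but resetting or freeing the context (mbedtls_ssl_session_reset(), mbedtls_ssl_free()) invalidates it just as much, and the const return should be stated as read-only: the caller must neither modify the structure nor hand it to mbedtls_ssl_session_free(). Suggested wording: `\warning Ownership of the session remains with the SSL context: the returned pointer is read-only, must not be freed by the caller, and becomes invalid as soon as the context is reset, freed or renegotiated, or the connection ends.` It would also help to say what "no session is active" means for the caller (presumably before a handshake has completed), since the implementation hands back an internal field directly and users are likely to assume a non-NULL result right after mbedtls_ssl_handshake() — confirm against the context lifecycle before documenting it.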
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 38ed02d3a..459f519ef 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8767,6 +8767,14 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
 }
 #endif /* MBEDTLS_SSL_CLI_C */

+const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl )
+{
+ if( ssl == NULL )
+ return( NULL );
+
+ return( ssl->session );
+}
+
 /*
 * Serialize a session in the following format:
 * (in the presentation language of TLS, RFC 8446 section 3)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index c97172d01..da27f0eaf 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1865,14 +1865,7 @@ int main( int argc, char *argv[] )
 mbedtls_printf(" . Saving session for reuse..." );
 fflush( stdout );

- if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
- -ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_ssl_session_save( &saved_session,
+ if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
 session_data, sizeof( session_data ),
 &session_data_len ) ) != 0 )
 {
@@ -1881,10 +1874,6 @@ int main( int argc, char *argv[] )
 goto exit;
 }

- /* Simulate that serialised state can have a larger lifetime than a
- * structure: keep the serialised data but not the structure. */
- mbedtls_ssl_session_free( &saved_session );
-
 mbedtls_printf( " ok\n" );
 }
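Review bot: `return( ssl->session );` makes the documented "NULL if no session is active" contract rest entirely on the context keeping ssl->session NULL whenever no session has been established; nothing in this hunk establishes that, so it is worth confirming that mbedtls_ssl_init() and mbedtls_ssl_session_reset() clear the field rather than leaving a stale pointer to a previous session, which would hand a caller state the header says cannot be returned. Because the pointer aliases state the library mutates during a handshake, a caller that holds it across a later mbedtls_ssl_handshake() or mbedtls_ssl_read() call may read a session that is being replaced; a one-line comment above the return, `/* Aliases live context state: valid only until the next handshake, session reset or free. */`, keeps that visible at the implementation and not only in the header.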
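Review bot: The new call passes mbedtls_ssl_get_session_pointer( &ssl ) straight into mbedtls_ssl_session_save() without a NULL check, although the header added by this commit documents NULL as a possible result and session_save's handling of a NULL session is not visible here. Since the commit message presents this code as demonstrating usage, it should take the pointer into a local and check it before serialising: `const mbedtls_ssl_session *cur = mbedtls_ssl_get_session_pointer( &ssl );` then `if( cur == NULL ) { mbedtls_printf( " failed\n  ! no session to save\n\n" ); goto exit; }` and finally `mbedtls_ssl_session_save( cur, session_data, sizeof( session_data ), &session_data_len )`. The removed lines were the only uses of saved_session within this hunk; if its declaration and mbedtls_ssl_session_init()/mbedtls_ssl_session_free() calls elsewhere in main() remain, they are now dead code unless the follow-up commit mentioned in the message reuses them. main() begins and ends outside the hunk.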