From 557fe9ffdeea8a358f89356ea462b492d2c7bc32 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 May 2019 12:41:07 +0100 Subject: [PATCH] Add configuration identifier to serialized SSL sessions This commit adds space for two bytes in the header of serizlied SSL sessions which can be used to determine the structure of the remaining serialized session in the respective version of Mbed TLS. Specifically, if parts of the session depend on whether specific compile-time options are set or not, the setting of these options can be encoded in the added space. This commit doesn't yet make use of the fields. --- library/ssl_tls.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 91a979356..e5bfff3ea 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8781,17 +8781,26 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co * and structure of the ticket. */ - static unsigned char ssl_serialized_session_header[] = { - MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, - MBEDTLS_VERSION_PATCH, - }; +static unsigned char ssl_serialized_session_header[] = { + MBEDTLS_VERSION_MAJOR, + MBEDTLS_VERSION_MINOR, + MBEDTLS_VERSION_PATCH, + 0xFF /* TBD */, + 0xFF /* TBD */ +}; /* * Serialize a session in the following format: * (in the presentation language of TLS, RFC 8446 section 3) * * opaque mbedtls_version[3]; // major, minor, patch + * opaque session_format[2]; // version-specific 16-bit field determining + * // the format of the remaining serialized + * // data. For example, it could be a bitfield + * // indicating the setting of those compile- + * // time configuration options influencing + * // the format of the serialized data. + * // Unused so far. * uint64 start_time; * uint8 ciphersuite[2]; // defined by the standard * uint8 compression; // 0 or 1