Add new config MBEDTLS_SSL_SESSION_RESUMPTION
Add a new configuration option MBEDTLS_SSL_SESSION_RESUMPTION to enable or disable the session resumption feature, including ticket-based and cache-based session resumption.
parent
590bf51cbb
commit
59bd12bf14
|
@ -671,6 +671,12 @@
|
||||||
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if ( defined(MBEDTLS_SSL_SESSION_TICKETS) || \
|
||||||
|
defined(MBEDTLS_SSL_SESSION_CACHE) ) && \
|
||||||
|
!defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
|
#error "MBEDTLS_SSL_SESSION_TICKETS/MBEDTLS_SESSION_CACHE cannot be defined without MBEDTLS_SSL_SESSION_RESUMPTION"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||||
|
|
|
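Review bot: The new `#error` text names `MBEDTLS_SESSION_CACHE`, but the macro tested in the condition two lines above is `MBEDTLS_SSL_SESSION_CACHE`, so the message points the user at an option that does not exist. The neighbouring checks in this file phrase the failure as `X defined, but not all prerequisites`; matching that convention and fixing the name gives `#error "MBEDTLS_SSL_SESSION_TICKETS/MBEDTLS_SSL_SESSION_CACHE defined, but not all prerequisites"`. The check itself is the right one to have, since the `resume` handshake field those two options depend on only exists under MBEDTLS_SSL_SESSION_RESUMPTION after this commit.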
@ -1676,6 +1676,14 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_SESSION_CACHE
|
#define MBEDTLS_SSL_SESSION_CACHE
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_SSL_SESSION_RESUMPTION
|
||||||
|
*
|
||||||
|
*
|
||||||
|
* Comment this macro to disable support for SSL session resumption
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_SSL_SESSION_RESUMPTION
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_EXPORT_KEYS
|
* \def MBEDTLS_SSL_EXPORT_KEYS
|
||||||
*
|
*
|
||||||
|
|
|
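Review bot: The Doxygen block for MBEDTLS_SSL_SESSION_RESUMPTION carries two empty ` *` lines where the other options in this file describe the feature, and it never says that MBEDTLS_SSL_SESSION_TICKETS and MBEDTLS_SSL_SESSION_CACHE cannot be enabled without it, which the check_config.h hunk in this commit enforces. I would replace the empty lines with a sentence stating that the option enables resuming an earlier session (by session ID, ticket or server-side cache) and that disabling it removes the `resume` handshake state and its code paths, followed by a line in the file's usual form naming the two dependent options, e.g. ` * Requires: nothing; MBEDTLS_SSL_SESSION_TICKETS and MBEDTLS_SSL_SESSION_CACHE require this option.` Keeping the existing ` * Comment this macro to disable support for SSL session resumption` line as the closing sentence is fine.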
@ -509,7 +509,9 @@ struct mbedtls_ssl_handshake_params
|
||||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||||
/*!< premaster secret */
|
/*!< premaster secret */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
int resume; /*!< session resume indicator*/
|
int resume; /*!< session resume indicator*/
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
int max_major_ver; /*!< max. major version client*/
|
int max_major_ver; /*!< max. major version client*/
|
||||||
int max_minor_ver; /*!< max. minor version client*/
|
int max_minor_ver; /*!< max. minor version client*/
|
||||||
int cli_exts; /*!< client extension presence*/
|
int cli_exts; /*!< client extension presence*/
|
||||||
|
|
|
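Review bot: Making `resume` conditional means every access to `ssl->handshake->resume` in the library must now be guarded, or a build without MBEDTLS_SSL_SESSION_RESUMPTION fails to compile; the hunks on this page cover the hello, master-secret and Finished paths, but I do not see one for mbedtls_ssl_set_session(), which on the client side assigns this field, so please confirm it is handled elsewhere in the commit. A field comment that records the build dependency would spare the next reader a grep, e.g. `int resume; /*!< session resume indicator (MBEDTLS_SSL_SESSION_RESUMPTION only) */`. The struct mbedtls_ssl_handshake_params definition starts and ends outside the hunk.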
@ -888,7 +888,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
|
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
ssl->handshake->resume == 0 )
|
ssl->handshake->resume == 0 )
|
||||||
|
#else /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
|
0 )
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
n = 0;
|
n = 0;
|
||||||
}
|
}
|
||||||
|
@ -1795,6 +1799,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
/*
|
/*
|
||||||
* Check if the session can be resumed
|
* Check if the session can be resumed
|
||||||
*/
|
*/
|
||||||
|
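Review bot: With MBEDTLS_SSL_SESSION_RESUMPTION undefined, the `#if` added here together with the `#endif` placed after `else` in the -1818 hunk compile out the entire non-resumed branch (the block that ends with the `memcpy( ssl->session_negotiate->id, buf + 35, n )` shown there) and leave the resumption branch — `ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;` followed by the key derivation — as an unconditional block, so a client built without resumption would treat every ServerHello as a resumed session. The hunk headers confirm there is no `#else` in the unseen lines between them: the new-side offset grows by exactly one line, the added `#if`. Guard only the field-dependent pieces instead, in the way the ssl_write_client_hello hunk does with its `#else` / `0 )` fallback: wrap the `ssl->handshake->resume == 0 ||` term of the condition and the `ssl->handshake->resume = 0;` assignment individually, and move this `#if`/`#endif` pair so that it encloses just the `else { … }` resumption block. The `if` condition and the rest of ssl_parse_server_hello lie outside these hunks.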
@ -1818,6 +1823,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
memcpy( ssl->session_negotiate->id, buf + 35, n );
|
memcpy( ssl->session_negotiate->id, buf + 35, n );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
{
|
{
|
||||||
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
|
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
|
||||||
|
|
||||||
|
@ -1830,8 +1836,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
|
||||||
|
|
|
@ -2656,7 +2656,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SESSION_CACHE */
|
#endif /* MBEDTLS_SSL_SESSION_CACHE */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
if( ssl->handshake->resume == 0 )
|
if( ssl->handshake->resume == 0 )
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* New session, create a new session id,
|
* New session, create a new session id,
|
||||||
|
@ -2683,6 +2685,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
|
@ -2697,6 +2700,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 38 . 38 session id length
|
* 38 . 38 session id length
|
||||||
|
@ -2712,8 +2716,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
|
|
||||||
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
|
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
|
||||||
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
|
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
|
||||||
|
|
|
@ -1263,11 +1263,13 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
||||||
(void) ssl;
|
(void) ssl;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
if( handshake->resume != 0 )
|
if( handshake->resume != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
|
MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
|
||||||
handshake->pmslen );
|
handshake->pmslen );
|
||||||
|
@ -7364,6 +7366,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
/*
|
/*
|
||||||
* In case of session resuming, invert the client and server
|
* In case of session resuming, invert the client and server
|
||||||
* ChangeCipherSpec messages order.
|
* ChangeCipherSpec messages order.
|
||||||
|
@ -7380,6 +7383,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
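Review bot: The `else` on the line before the new `#endif` acquires `ssl->state++;` as its body only through the preprocessor, so the same statement is unconditional in one build and a conditional branch in the other, and any statement a later change appends after it would silently fall outside the `else`. Bracing the shared statement keeps both configurations readable and safe to extend: replace the bare `ssl->state++;` with `{`, `    ssl->state++;`, `}` after the `#endif`. The same shape appears in the mbedtls_ssl_parse_finished hunk at -7532. Both functions start outside their hunks.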
|
@ -7520,6 +7524,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
||||||
memcpy( ssl->peer_verify_data, buf, hash_len );
|
memcpy( ssl->peer_verify_data, buf, hash_len );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
if( ssl->handshake->resume != 0 )
|
if( ssl->handshake->resume != 0 )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
@ -7532,6 +7537,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
|
|
@ -1418,6 +1418,14 @@ int query_config( const char *config )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SESSION_CACHE */
|
#endif /* MBEDTLS_SSL_SESSION_CACHE */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
|
||||||
|
if( strcmp( "MBEDTLS_SSL_SESSION_RESUMPTION", config ) == 0 )
|
||||||
|
{
|
||||||
|
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_RESUMPTION );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
|
if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
|
||||||
{
|
{
|
||||||
|
|
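Review bot: If this is the script-generated programs/ssl/query_config.c, the new MBEDTLS_SSL_SESSION_RESUMPTION block should be produced by re-running scripts/generate_query_config.pl against the updated config.h rather than edited by hand, otherwise the next regeneration will drop it; I cannot see the file header from here to confirm which file this is. The block itself mirrors the neighbouring MBEDTLS_SSL_EXPORT_KEYS entry, so its content is fine. query_config() starts and ends outside the hunk.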