yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 06:35:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add config MBEDTLS_SSL_SESSION_CACHE

Browse source 
Add configuration option MBEDTLS_SSL_SESSION_CACHE to control
enabling/disabling of the cache based session resumption.
This commit is contained in:
Jarno Lamsa 2019-06-18 13:07:17 +03:00 committed by Manuel Pégourié-Gonnard
parent 4e24c449e2
commit 7be14065e2
9 changed files with 40 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
include/mbedtls/config.h
View file

@ -1668,6 +1668,14 @@
*/
#define MBEDTLS_SSL_SESSION_TICKETS
/**
* \def MBEDTLS_SSL_SESSION_CACHE
*
*
* Comment this macro to disable support for SSL session cache
*/
//#define MBEDTLS_SSL_SESSION_CACHE
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
*

10
include/mbedtls/ssl.h
View file

@ -906,11 +906,13 @@ struct mbedtls_ssl_config
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
#if defined(MBEDTLS_SSL_SESSION_CACHE)
/** Callback to retrieve a session from the cache */
int (*f_get_cache)(void *, mbedtls_ssl_session *);
/** Callback to store a session into the cache */
int (*f_set_cache)(void *, const mbedtls_ssl_session *);
void *p_cache; /*!< context for cache callbacks */
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
@ -2129,7 +2131,7 @@ void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
/**
* \brief Set the session cache callbacks (server-side only)
* If not set, no session resuming is done (except if session
@ -2171,9 +2173,9 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
#if defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
/**
* \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure.
@ -2189,7 +2191,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
* \sa mbedtls_ssl_get_session()
*/
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
/**
* \brief Load serialized session data into a session structure.

2
library/ssl_srv.c
View file

@ -2637,6 +2637,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
#if defined(MBEDTLS_SSL_SESSION_CACHE)
/*
* Resume is 0 by default, see ssl_handshake_init().
* It may be already set to 1 by ssl_parse_session_ticket_ext().
@ -2653,6 +2654,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
if( ssl->handshake->resume == 0 )
{

12
library/ssl_tls.c
View file

@ -7273,7 +7273,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_SESSION_CACHE)
int resume = ssl->handshake->resume;
#endif /* MBEDTLS_SSL_SESSION_CACHE */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
@ -7302,6 +7304,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
ssl->session = ssl->session_negotiate;
ssl->session_negotiate = NULL;
#if defined(MBEDTLS_SSL_SESSION_CACHE)
/*
* Add cache entry
*/
@ -7312,6 +7315,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
@ -8152,7 +8156,7 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
ssl_set_timer( ssl, 0 );
}
#if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
@ -8162,9 +8166,9 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
conf->f_get_cache = f_get_cache;
conf->f_set_cache = f_set_cache;
}
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
#if defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
{
int ret;
@ -8185,7 +8189,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
return( 0 );
}
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )

4
programs/ssl/dtls_server.c
View file

@ -236,11 +236,11 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif
#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )

8
programs/ssl/query_config.c
View file

@ -1410,6 +1410,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_SESSION_CACHE)
if( strcmp( "MBEDTLS_SSL_SESSION_CACHE", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_CACHE );
return( 0 );
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
{

2
programs/ssl/ssl_client2.c
View file

@ -2545,12 +2545,14 @@ reconnect:
}
}
#if defined(MBEDTLS_SSL_SESSION_CACHE)
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret );
goto exit;
}
#endif /* MBEDTLS_SSL_SESSION_CACHE */
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,

4
programs/ssl/ssl_server.c
View file

@ -224,11 +224,11 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif
#endif /* MBEDTLS_SSL_CACHE_C && MBEDTLS_SSL_SESSION_CACHE */
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )

2
programs/ssl/ssl_server2.c
View file

@ -2527,9 +2527,11 @@ int main( int argc, char *argv[] )
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
#if defined(MBEDTLS_SSL_SESSION_CACHE)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif /* MBEDTLS_SSL_SESSION_CACHE */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)