From 9df5a82079db7ba79ae18a6a08e785cbf275ad66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 23 Jul 2019 14:51:09 +0200
Subject: [PATCH] Actually reset the context on save as advertised Also fix some wording in the documentation while at it.
---
 include/mbedtls/ssl.h | 6 ++++--
 library/ssl_tls.c | 2 +-
 programs/ssl/ssl_client2.c | 12 ++----------
 programs/ssl/ssl_server2.c | 12 ++----------
 4 files changed, 9 insertions(+), 23 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c1c4298c8..272c3b920 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3894,10 +3894,10 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
 * \note When this function succeeds, it calls
 * mbedtls_ssl_session_reset() on \p ssl which as a result is
 * no longer associated with the connection that has been
- * serialized. This avoids creating copies of the session
+ * serialized. This avoids creating copies of the connection
 * state. You're then free to either re-use the context
 * structure for a different connection, or call
- * mbedtls_ssl_session_free() on it. See the documentation of
+ * mbedtls_ssl_free() on it. See the documentation of
 * mbedtls_ssl_session_reset() for more details.
 *
 * \param ssl The SSL context to save. On success, it is no longer
@@ -3920,6 +3920,8 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
 *
 * \return \c 0 if successful.
 * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+ * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
+ * while reseting the context.
 * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
 * progress, or there is pending data for reading or sending,
 * or the connection does not use DTLS 1.2 with an AEAD
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8d75cf3d2..60e9ab0e2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
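Review bot: The new `\return #MBEDTLS_ERR_SSL_ALLOC_FAILED` entry in the second include/mbedtls/ssl.h hunk does not say what the caller is left with on that error, namely whether `buf` already holds the serialized connection and whether \p ssl can still be used. The serialized data presumably carries the connection's secret state, so the entry should spell this out, for example `In this case \p buf may already contain the serialized context and must be treated as sensitive.` (wording to be confirmed against the implementation). In the same entry "reseting" should read "resetting". The doc comment starts and ends outside both hunks.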
@@ -11522,7 +11522,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used );
- return( 0 );
+ return( ssl_session_reset_int( ssl, 0 ) );
 }
 /*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b93d645e5..bcccd1de3 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2960,16 +2960,8 @@ send_request:
 if( opt.serialize == 1 )
 {
- mbedtls_printf( " . Reseting context..." );
-
- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned "
- "-0x%x\n\n", -ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
+ /* nothing to do here, done by context_save() already */
+ mbedtls_printf( " . Context has been reset... ok" );
 }
 if( opt.serialize == 2 )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7ac3a82ea..102951b28 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3978,16 +3978,8 @@ data_exchange:
 */
 if( opt.serialize == 1 )
 {
- mbedtls_printf( " . Reseting context..." );
-
- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned "
- "-0x%x\n\n", -ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
+ /* nothing to do here, done by context_save() already */
+ mbedtls_printf( " . Context has been reset... ok" );
 }
 /*
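Review bot: Returning `ssl_session_reset_int( ssl, 0 )` directly in library/ssl_tls.c reports a failed reset only after the serialized context is already in `buf` (the `MBEDTLS_SSL_DEBUG_BUF` line just above dumps it), so the caller gets an error while a copy of the connection state sits in its buffer. A caller that reads any non-zero return as "nothing was saved" may discard or reuse that buffer without clearing it. Consider keeping the result in a local and wiping the output on failure, e.g. `if( ret != 0 ) mbedtls_platform_zeroize( buf, used );` before `return( ret );`, assuming that helper is available in this file. The alternative is to document that `buf` is valid on this error. The body of mbedtls_ssl_context_save() starts outside the hunk, so how `buf` and `used` are filled is not visible here.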
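Review bot: The replacement message in programs/ssl/ssl_client2.c has lost its line terminator. The removed code ended the status line with `mbedtls_printf( " ok\n" );`, while the new `mbedtls_printf( " . Context has been reset... ok" );` has no `\n`, so whatever is printed next continues on the same line. Suggest `mbedtls_printf( " . Context has been reset... ok\n" );`, and the identical line in the programs/ssl/ssl_server2.c hunk needs the same change. If test scripts match these programs' output line by line, the run-on line could also hide or break an expected pattern. The enclosing block continues outside the hunk in both files.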