Add configuration identifier to serialized SSL sessions

This commit adds space for two bytes in the header of serizlied SSL sessions which can be used to determine the structure of the remaining serialized session in the respective version of Mbed TLS. Specifically, if parts of the session depend on whether specific compile-time options are set or not, the setting of these options can be encoded in the added space. This commit doesn't yet make use of the fields.
2019-05-16 12:41:07 +01:00 · 2019-05-16 12:41:07 +01:00 · f878707b8f
commit f878707b8f
parent a835da5cb1
1 changed files with 14 additions and 5 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -9848,17 +9848,26 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 * and structure of the ticket.
 */

- static unsigned char ssl_serialized_session_header[] = {
-    MBEDTLS_VERSION_MAJOR,
-    MBEDTLS_VERSION_MINOR,
-    MBEDTLS_VERSION_PATCH,
- };
+static unsigned char ssl_serialized_session_header[] = {
+   MBEDTLS_VERSION_MAJOR,
+   MBEDTLS_VERSION_MINOR,
+   MBEDTLS_VERSION_PATCH,
+   0xFF /* TBD */,
+   0xFF /* TBD */
+};

 /*
 * Serialize a session in the following format:
 * (in the presentation language of TLS, RFC 8446 section 3)
 *
 *  opaque mbedtls_version[3];      // major, minor, patch
+ *  opaque session_format[2];       // version-specific 16-bit field determining
+ *                                  // the format of the remaining serialized
+ *                                  // data. For example, it could be a bitfield
+ *                                  // indicating the setting of those compile-
+ *                                  // time configuration options influencing
+ *                                  // the format of the serialized data.
+ *                                  // Unused so far.
 *  uint64 start_time;
 *  uint8 ciphersuite[2];           // defined by the standard
 *  uint8 compression;              // 0 or 1