Address review comments
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 710ffa4..3b7e722 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -888,9 +888,9 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
ssl->handshake->resume == 0 )
-#else /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#else /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
0 )
#endif
{
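Review bot: The guard here flips from opt-in (`MBEDTLS_SSL_SESSION_RESUMPTION`) to opt-out (`MBEDTLS_SSL_NO_SESSION_RESUMPTION`), and nothing visible in this diff tells integrators that a configuration defining neither macro now gets resumption compiled in. The same applies to the `MBEDTLS_SSL_NO_SESSION_CACHE` guards in ssl_srv.c and ssl_tls.c. If the old macros were off by default (the configuration header is not shown here), builds that kept resumption out by omission would silently regain it. I would document the new default next to the option definitions, e.g. `/* Session resumption is compiled in unless MBEDTLS_SSL_NO_SESSION_RESUMPTION is defined. */`, and add a ChangeLog line. The enclosing condition starts above this hunk.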
@@ -1803,8 +1803,8 @@
/*
* Check if the session can be resumed
*/
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- if( ssl->handshake->resume == 0 || n == 0 ||
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ if( n == 0 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
@@ -1812,22 +1812,8 @@
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n ||
memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
- {
- ssl->state++;
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
ssl->handshake->resume = 0;
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
-#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = mbedtls_time( NULL );
-#endif
- ssl->session_negotiate->ciphersuite = i;
- ssl->session_negotiate->compression = comp;
- ssl->session_negotiate->id_len = n;
- memcpy( ssl->session_negotiate->id, buf + 35, n );
- }
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- else
+ if( ssl->handshake->resume == 1 )
{
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
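Review bot: The new test `if( ssl->handshake->resume == 1 )` is stricter than the `resume != 0` checks kept in ssl_tls.c, so a non-zero value other than 1 would take the full-handshake branch here while the shared code still treats the session as resumed. The same `== 1` appears in the ssl_srv.c hunk at `@@ -2654`, where no reset of `resume` is visible in the new-session branch. The visible assignments only store 0 or 1, so this is a consistency hazard rather than a known bug; `if( ssl->handshake->resume != 0 )` in both places would keep a single definition of "resumed". Separately, with the `{` removed, the mismatch test ending at `memcmp( ... ) != 0 )` now has the bare `ssl->handshake->resume = 0;` as its body, and bracing that statement would make the intent explicit. The function body continues outside the hunk.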
@@ -1839,12 +1825,26 @@
return( ret );
}
}
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+ else
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+ {
+ ssl->state++;
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ ssl->handshake->resume = 0;
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+#if defined(MBEDTLS_HAVE_TIME)
+ ssl->session_negotiate->start = mbedtls_time( NULL );
+#endif
+ ssl->session_negotiate->ciphersuite = i;
+ ssl->session_negotiate->compression = comp;
+ ssl->session_negotiate->id_len = n;
+ memcpy( ssl->session_negotiate->id, buf + 35, n );
+ }
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
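Review bot: The added `else` sits inside the `#if` while the block it governs is outside it, so with `MBEDTLS_SSL_NO_SESSION_RESUMPTION` defined the block runs unconditionally, and nothing says that is intended. A comment above the brace such as `/* Full handshake: the only path when resumption is compiled out. */` would help. The relocated `memcpy( ssl->session_negotiate->id, buf + 35, n )` copies a length taken from the ServerHello and depends on a bound on `n` that lies outside this hunk, so it is worth confirming that the check still precedes this block. The enclosing function starts and ends outside the hunk.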
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index a76ce16..7786186 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2637,7 +2637,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/*
* Resume is 0 by default, see ssl_handshake_init().
* It may be already set to 1 by ssl_parse_session_ticket_ext().
@@ -2654,11 +2654,25 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
}
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- if( ssl->handshake->resume == 0 )
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ if( ssl->handshake->resume == 1 )
+ {
+ /*
+ * Resuming a session
+ */
+ n = ssl->session_negotiate->id_len;
+ ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+ if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
{
/*
* New session, create a new session id,
@@ -2685,22 +2699,6 @@
return( ret );
}
}
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- else
- {
- /*
- * Resuming a session
- */
- n = ssl->session_negotiate->id_len;
- ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-
- if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- return( ret );
- }
- }
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
/*
* 38 . 38 session id length
@@ -2716,10 +2714,10 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 420eba2..316d537 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1263,13 +1263,13 @@
(void) ssl;
#endif
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( handshake->resume != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
return( 0 );
}
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
handshake->pmslen );
@@ -7275,9 +7275,9 @@
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
int resume = ssl->handshake->resume;
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
@@ -7306,7 +7306,7 @@
ssl->session = ssl->session_negotiate;
ssl->session_negotiate = NULL;
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
+#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/*
* Add cache entry
*/
@@ -7317,7 +7317,7 @@
if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
+#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
@@ -7366,7 +7366,7 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
/*
* In case of session resuming, invert the client and server
* ChangeCipherSpec messages order.
@@ -7383,7 +7383,7 @@
#endif
}
else
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
ssl->state++;
/*
@@ -7524,7 +7524,7 @@
memcpy( ssl->peer_verify_data, buf, hash_len );
#endif
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
+#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume != 0 )
{
#if defined(MBEDTLS_SSL_CLI_C)
@@ -7537,7 +7537,7 @@
#endif
}
else
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -8162,7 +8162,7 @@
ssl_set_timer( ssl, 0 );
}
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
@@ -8172,9 +8172,9 @@
conf->f_get_cache = f_get_cache;
conf->f_set_cache = f_set_cache;
}
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_CACHE)
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
{
int ret;
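Review bot: The guard on `mbedtls_ssl_set_session` changes feature rather than spelling: it moves from the session-cache option to `!defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)`, and the matching change to the prototype is not visible in this diff. If the public header still uses a different condition, a client build that defines only `MBEDTLS_SSL_NO_SESSION_CACHE` or only `MBEDTLS_SSL_NO_SESSION_RESUMPTION` ends up with a declaration and definition that disagree. The declaration should carry `#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)` as well. The function body continues outside the hunk.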
@@ -8195,7 +8195,7 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_CACHE */
+#endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
diff --git a/library/version_features.c b/library/version_features.c
index 7deb417..8bc42e3 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -513,12 +513,12 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
"MBEDTLS_SSL_SESSION_TICKETS",
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_SESSION_CACHE)
- "MBEDTLS_SSL_SESSION_CACHE",
-#endif /* MBEDTLS_SSL_SESSION_CACHE */
-#if defined(MBEDTLS_SSL_SESSION_RESUMPTION)
- "MBEDTLS_SSL_SESSION_RESUMPTION",
-#endif /* MBEDTLS_SSL_SESSION_RESUMPTION */
+#if defined(MBEDTLS_SSL_NO_SESSION_CACHE)
+ "MBEDTLS_SSL_NO_SESSION_CACHE",
+#endif /* MBEDTLS_SSL_NO_SESSION_CACHE */
+#if defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
+ "MBEDTLS_SSL_NO_SESSION_RESUMPTION",
+#endif /* MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
"MBEDTLS_SSL_EXPORT_KEYS",
#endif /* MBEDTLS_SSL_EXPORT_KEYS */