Remove compression field from SSL session if compression disabled
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d046020..95a5e9c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9327,6 +9327,12 @@
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_CRT 0
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#define SSL_SERIALIZED_SESSION_CONFIG_COMPRESSION 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_COMPRESSION 0
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
#define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0
#define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1
#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2
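Review bot: The `#endif` that closes the new `MBEDTLS_ZLIB_SUPPORT` block is labelled `/* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */`, which looks copied from the block just above it. It should read `#endif /* MBEDTLS_ZLIB_SUPPORT */`, so that a reader matching conditionals in this list of serialization flags is not pointed at the wrong option.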
@@ -9335,6 +9341,7 @@
#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5
#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_CRT_BIT 7
+#define SSL_SERIALIZED_SESSION_CONFIG_COMPRESSION_BIT 8
#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
( (uint16_t) ( \
@@ -9345,6 +9352,7 @@
( SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT ) | \
( SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT ) | \
( SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_COMPRESSION << SSL_SERIALIZED_SESSION_CONFIG_COMPRESSION_BIT ) | \
( SSL_SERIALIZED_SESSION_CONFIG_KEEP_CRT << SSL_SERIALIZED_SESSION_CONFIG_KEEP_CRT_BIT ) ) )
static unsigned char ssl_serialized_session_header[] = {
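Review bot: `SSL_SERIALIZED_SESSION_CONFIG_COMPRESSION_BIT` is 8, so the term added to `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` is the first flag that lands in the high byte of the `uint16_t`. The initializer of `ssl_serialized_session_header` and the code that compares it on load are outside this hunk, so it is worth confirming that both bytes of the bitflag are written and checked. If only the low byte were, a ZLIB build and a non-ZLIB build would emit the same header, and a blob carrying the compression byte would be parsed with every later field shifted by one. A comment next to the bit definition would record this, for example `/* bit 8: first flag in the high byte of the config field */`. The new term also sits before the `KEEP_CRT` term although its bit number is higher; placing it last would keep the list in bit order.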
@@ -9450,12 +9458,28 @@
/*
* Basic mandatory fields
*/
- used += 2 /* ciphersuite */
- + 1 /* compression */
- + 1 /* id_len */
- + sizeof( session->id )
- + sizeof( session->master )
- + 4; /* verify_result */
+ {
+ size_t const ciphersuite_len = 2;
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ size_t const compression_len = 1;
+#else
+ size_t const compression_len = 0;
+#endif
+ size_t const id_len_len = 1;
+ size_t const id_len = 32;
+ size_t const master_len = 48;
+ size_t const verif_result_len = 4;
+
+ size_t const basic_len =
+ ciphersuite_len +
+ compression_len +
+ id_len_len +
+ id_len +
+ master_len +
+ verif_result_len;
+
+ used += basic_len;
+ }
if( used <= buf_len )
{
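Review bot: The new length block replaces `sizeof( session->id )` and `sizeof( session->master )` with the literals 32 and 48, so the size accounted for in `used` is no longer tied to the struct fields that the following `memcpy` calls read from. Keeping the link costs nothing: `size_t const id_len = sizeof( session->id );` and `size_t const master_len = sizeof( session->master );`. The same block of constants is repeated verbatim in the load hunk (`@@ -9662,9 +9689,29 @@`), and save and load must agree byte for byte or the bounds check there stops matching what is actually copied. Hoisting the sum into one file-scope macro, with the `MBEDTLS_ZLIB_SUPPORT` conditional applied once, would remove that risk of drift. The enclosing function starts and ends outside this hunk.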
@@ -9464,7 +9488,10 @@
*p++ = (unsigned char)( ( ciphersuite >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ciphersuite ) & 0xFF );
- *p++ = (unsigned char)( session->compression & 0xFF );
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ *p++ = (unsigned char)(
+ mbedtls_ssl_session_get_compression( session ) );
+#endif
*p++ = (unsigned char)( session->id_len & 0xFF );
memcpy( p, session->id, 32 );
@@ -9662,9 +9689,29 @@
/*
* Basic mandatory fields
*/
+ {
+ size_t const ciphersuite_len = 2;
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ size_t const compression_len = 1;
+#else
+ size_t const compression_len = 0;
+#endif
+ size_t const id_len_len = 1;
+ size_t const id_len = 32;
+ size_t const master_len = 48;
+ size_t const verif_result_len = 4;
- if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ size_t const basic_len =
+ ciphersuite_len +
+ compression_len +
+ id_len_len +
+ id_len +
+ master_len +
+ verif_result_len;
+
+ if( basic_len > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
ciphersuite = ( p[0] << 8 ) | p[1];
p += 2;
@@ -9679,7 +9726,9 @@
}
#endif
+#if defined(MBEDTLS_ZLIB_SUPPORT)
session->compression = *p++;
+#endif
session->id_len = *p++;
memcpy( session->id, p, 32 );