{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1762030842,
"reponame":"libwebsockets",
"desc":"libwebsockets lightweight C networking library",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"8c2354dec46ce7204792389c4c057e0d",
"commit": {"type":"commit",
"time": 1753678173,
"time_ofs": 60,
"oid_tree": { "oid": "7972e8eb689cdd9412acc8580d99ec9da2756c06", "alias": []},
"oid":{ "oid": "c58d4b9a379ce4db2939146a761362aee99d5ce4", "alias": []},
"msg": "mbedtls: use official serialization",
"sig_commit": { "git_time": { "time": 1753678173, "offset": 60 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },
"sig_author": { "git_time": { "time": 1753591874, "offset": 60 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }},
"body": "mbedtls: use official serialization\n\nCo-developed-by: Gemini 2.5 Pro\n"
,
"diff": "diff --git a/lib/tls/mbedtls/mbedtls-session.c b/lib/tls/mbedtls/mbedtls-session.c\nindex a774ffb..574f85e 100644\n--- a/lib/tls/mbedtls/mbedtls-session.c\n+++ b/lib/tls/mbedtls/mbedtls-session.c\n@@ -24,11 +24,16 @@\n \n #include \u0022private-lib-core.h\u0022\n \n+typedef struct lws_serialized_mbedtls_session {\n+\tsize_t len;\n+\tuint8_t data[2048]; /* Sized to hold a typical serialized session */\n+} lws_ser_sess_t;\n+\n typedef struct lws_tls_session_cache_mbedtls {\n \tlws_dll2_t\t\t\tlist;\n \n- \tmbedtls_ssl_session\t\tsession;\n \tlws_sorted_usec_list_t\t\tsul_ttl;\n+\tlws_ser_sess_t\t\t\t*ser_data;\n \n \t/* name is overallocated here */\n } lws_tls_scm_t;\n@@ -44,8 +49,9 @@ __lws_tls_session_destroy(lws_tls_scm_t *ts)\n \t\t\t\t (unsigned int)(ts-\u003elist.owner-\u003ecount - 1));\n \n \tlws_sul_cancel(\u0026ts-\u003esul_ttl);\n-\tmbedtls_ssl_session_free(\u0026ts-\u003esession);\n \tlws_dll2_remove(\u0026ts-\u003elist);\t\t/* vh lock */\n+\tif (ts-\u003eser_data)\n+\t\tlws_free(ts-\u003eser_data);\n \n \tlws_free(ts);\n }\n@@ -76,6 +82,7 @@ lws_tls_reuse_session(struct lws *wsi)\n \tchar buf[LWS_SESSION_TAG_LEN];\n \tmbedtls_ssl_context *msc;\n \tlws_tls_scm_t *ts;\n+\tmbedtls_ssl_session session;\n \n \tif (!wsi-\u003ea.vhost ||\n \t wsi-\u003ea.vhost-\u003eoptions \u0026 LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE)\n@@ -94,11 +101,25 @@ lws_tls_reuse_session(struct lws *wsi)\n \t\tgoto bail;\n \t}\n \n+\tif (!ts-\u003eser_data) /* cache entry is invalid */\n+\t\tgoto bail;\n+\n+\tmbedtls_ssl_session_init(\u0026session);\n+\n+\tif (mbedtls_ssl_session_load(\u0026session, ts-\u003eser_data-\u003edata,\n+\t\t\t\t ts-\u003eser_data-\u003elen)) {\n+\t\tmbedtls_ssl_session_free(\u0026session);\n+\t\tgoto bail;\n+\t}\n+\n \tlwsl_tlssess(\u0022%s: %s\u005cn\u0022, __func__, (const char *)\u0026ts[1]);\n \twsi-\u003etls_session_reused \u003d 1;\n \n \tmsc \u003d SSL_mbedtls_ssl_context_from_SSL(wsi-\u003etls.ssl);\n-\tmbedtls_ssl_set_session(msc, 
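Review bot: In `__lws_tls_session_destroy()` the serialized session is released with a plain `lws_free(ts->ser_data)`, whereas the `mbedtls_ssl_session_free(&ts->session)` it replaces wipes the session struct before returning. The blob written by `mbedtls_ssl_session_save()` carries the session's master secret, so it should be cleared before the free, e.g. `lws_explicit_bzero(ts->ser_data, sizeof(*ts->ser_data));` ahead of `lws_free(ts->ser_data);`. The same applies to the `lws_free(ts->ser_data)` calls on the failure paths in the `@@ -219,12 +243,27 @@` and `@@ -236,18 +275,30 @@` hunks, where the buffer may already hold partial output. The function starts outside this hunk.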
\u0026ts-\u003esession);\n+\tif (mbedtls_ssl_set_session(msc, \u0026session)) {\n+\t\t/* Failed to set session, clean up and bail */\n+\t}\n+\tmbedtls_ssl_session_free(\u0026session);\n \n \t/* keep our session list sorted in lru -\u003e mru order */\n \n@@ -168,6 +189,7 @@ lws_tls_session_new_mbedtls(struct lws *wsi)\n \tstruct lws_vhost *vh;\n \tlws_tls_scm_t *ts;\n \tsize_t nl;\n+\tmbedtls_ssl_session temp_session;\n #if !defined(LWS_WITH_NO_LOGS) \u0026\u0026 defined(_DEBUG)\n \tconst char *disposition \u003d \u0022reuse\u0022;\n #endif\n@@ -183,6 +205,8 @@ lws_tls_session_new_mbedtls(struct lws *wsi)\n \n \tmsc \u003d SSL_mbedtls_ssl_context_from_SSL(wsi-\u003etls.ssl);\n \n+\tmbedtls_ssl_session_init(\u0026temp_session);\n+\n \tlws_context_lock(vh-\u003econtext, __func__); /* -------------- cx { */\n \tlws_vhost_lock(vh); /* -------------- vh { */\n \n@@ -219,12 +243,27 @@ lws_tls_session_new_mbedtls(struct lws *wsi)\n \t\tmemset(ts, 0, sizeof(*ts));\n \t\tmemcpy(\u0026ts[1], buf, nl + 1);\n \n-\t\tif (mbedtls_ssl_get_session(msc, \u0026ts-\u003esession)) {\n+\t\tts-\u003eser_data \u003d lws_malloc(sizeof(*ts-\u003eser_data), __func__);\n+\t\tif (!ts-\u003eser_data) {\n+\t\t\tlws_free(ts);\n+\t\t\tgoto bail;\n+\t\t}\n+\n+\t\tif (mbedtls_ssl_get_session(msc, \u0026temp_session)) {\n+\t\t\tlws_free(ts-\u003eser_data);\n \t\t\tlws_free(ts);\n \t\t\t/* no joy for whatever reason */\n \t\t\tgoto bail;\n \t\t}\n \n+\t\tif (mbedtls_ssl_session_save(\u0026temp_session, ts-\u003eser_data-\u003edata,\n+\t\t\t\t\t sizeof(ts-\u003eser_data-\u003edata),\n+\t\t\t\t\t \u0026ts-\u003eser_data-\u003elen)) {\n+\t\t\t/* Serialization failed, cache entry will be invalid */\n+\t\t\tlws_free(ts-\u003eser_data);\n+\t\t\tts-\u003eser_data \u003d NULL;\n+\t\t}\n+\n \t\tlws_dll2_add_tail(\u0026ts-\u003elist, \u0026vh-\u003etls_sessions);\n \n \t\tlws_sul_schedule(wsi-\u003ea.context, wsi-\u003etsi, \u0026ts-\u003esul_ttl,\n@@ -236,18 +275,30 @@ lws_tls_session_new_mbedtls(struct lws 
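Review bot: In `lws_tls_reuse_session()` the failure branch of `mbedtls_ssl_set_session()` is an empty block containing only the comment "clean up and bail", and `wsi->tls_session_reused = 1` is already set above it, so a session that mbedtls refused to install is still recorded as reused. Make the branch do what its comment says, `if (mbedtls_ssl_set_session(msc, &session)) { mbedtls_ssl_session_free(&session); goto bail; }`, and move the `tls_session_reused` assignment and the `lwsl_tlssess()` line below the successful call. The function begins and ends outside this hunk, so what `bail` unwinds should be checked against the full body.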
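Review bot: When `mbedtls_ssl_session_save()` fails in the new-entry branch, the entry is still added to `vh->tls_sessions` and its TTL is scheduled with `ser_data` set to NULL, so a placeholder that can never be resumed stays in the cache until it expires. The update branch in the next hunk (`@@ -236,18 +275,30 @@`) has the same shape and turns a previously usable entry into such a placeholder. The fixed `uint8_t data[2048]` makes this reachable for any session that serializes larger than that, in which case mbedtls returns `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` and reports the required size through the `olen` argument. For the new entry, handle it like the `mbedtls_ssl_get_session()` failure just above, `lws_free(ts->ser_data); lws_free(ts); goto bail;`, and log the return code. For the existing entry, dropping it (possibly via `__lws_tls_session_destroy(ts)`, if the locks held there allow it) would be safer than keeping it listed; sizing the allocation from the reported length instead of a fixed 2048 would avoid the failure altogether.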
*wsi)\n \t\tdisposition \u003d \u0022new\u0022;\n #endif\n \t} else {\n-\n-\t\tmbedtls_ssl_session_free(\u0026ts-\u003esession);\n-\n-\t\tif (mbedtls_ssl_get_session(msc, \u0026ts-\u003esession))\n+\t\tif (mbedtls_ssl_get_session(msc, \u0026temp_session))\n \t\t\t/* no joy for whatever reason */\n \t\t\tgoto bail;\n \n+\t\tif (!ts-\u003eser_data) {\n+\t\t\tts-\u003eser_data \u003d lws_malloc(sizeof(*ts-\u003eser_data), __func__);\n+\t\t\tif (!ts-\u003eser_data)\n+\t\t\t\tgoto bail;\n+\t\t}\n+\n+\t\tif (mbedtls_ssl_session_save(\u0026temp_session, ts-\u003eser_data-\u003edata,\n+\t\t\t\t\t sizeof(ts-\u003eser_data-\u003edata),\n+\t\t\t\t\t \u0026ts-\u003eser_data-\u003elen)) {\n+\t\t\t/* Serialization failed, cache entry will be invalid */\n+\t\t\tlws_free(ts-\u003eser_data);\n+\t\t\tts-\u003eser_data \u003d NULL;\n+\t\t}\n+\n \t\t/* keep our session list sorted in lru -\u003e mru order */\n \n \t\tlws_dll2_remove(\u0026ts-\u003elist);\n \t\tlws_dll2_add_tail(\u0026ts-\u003elist, \u0026vh-\u003etls_sessions);\n \t}\n+\tmbedtls_ssl_session_free(\u0026temp_session);\n \n \tlws_vhost_unlock(vh); /* } vh -------------- */\n \tlws_context_unlock(vh-\u003econtext); /* } cx -------------- */\n@@ -264,6 +315,7 @@ lws_tls_session_new_mbedtls(struct lws *wsi)\n \treturn 1;\n \n bail:\n+\tmbedtls_ssl_session_free(\u0026temp_session);\n \tlws_vhost_unlock(vh); /* } vh -------------- */\n \tlws_context_unlock(vh-\u003econtext); /* } cx -------------- */\n \n","s":{"c":1762030842,"u": 2277}}
],"g": 3351,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}