From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Mon, 21 May 2018 12:02:44 +0000 (+0200)
Subject: mbedtls: Add support for a session cache
X-Git-Url: http://git.openwrt.org/?p=project%2Fustream-ssl.git;a=commitdiff_plain;h=e8a14691313d72bac27f9060bc536cf2ad23256b

mbedtls: Add support for a session cache

This allows the client to reuse the settings from a previous session and
no full key exchange is needed.
The partially key exchange takes less than 0.1 seconds compared to over
a second needed for a full key exchange.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index e176afe..0b747d2 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -138,6 +138,12 @@ __ustream_ssl_context_new(bool server)
 	mbedtls_x509_crt_init(&ctx->cert);
 	mbedtls_x509_crt_init(&ctx->ca_cert);
 
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_cache_init(&ctx->cache);
+	mbedtls_ssl_cache_set_timeout(&ctx->cache, 30 * 60);
+	mbedtls_ssl_cache_set_max_entries(&ctx->cache, 5);
+#endif
+
 	conf = &ctx->conf;
 	mbedtls_ssl_config_init(conf);
 
@@ -154,6 +160,11 @@ __ustream_ssl_context_new(bool server)
 	mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
 	mbedtls_ssl_conf_rng(conf, _urandom, NULL);
 
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_conf_session_cache(conf, &ctx->cache,
+				       mbedtls_ssl_cache_get,
+				       mbedtls_ssl_cache_set);
+#endif
 	return ctx;
 }
 
@@ -214,6 +225,9 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
 
 __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
 {
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_cache_free(&ctx->cache);
+#endif
 	mbedtls_pk_free(&ctx->key);
 	mbedtls_x509_crt_free(&ctx->ca_cert);
 	mbedtls_x509_crt_free(&ctx->cert);
diff --git a/ustream-mbedtls.h b/ustream-mbedtls.h
index a489867..70bd4ea 100644
--- a/ustream-mbedtls.h
+++ b/ustream-mbedtls.h
@@ -28,11 +28,18 @@
 #include <mbedtls/version.h>
 #include <mbedtls/entropy.h>
 
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include <mbedtls/ssl_cache.h>
+#endif
+
 struct ustream_ssl_ctx {
 	mbedtls_ssl_config conf;
 	mbedtls_pk_context key;
 	mbedtls_x509_crt ca_cert;
 	mbedtls_x509_crt cert;
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_cache_context cache;
+#endif
 	bool server;
 };