SEP Profile

1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
   a CYASSL_SESSION record.

cyassl/internal.h

@@ -706,6 +706,13 @@ enum Misc {
 };
 
 
+#ifdef SESSION_INDEX
+/* Shift values for making a session index */
+#define SESSIDX_ROW_SHIFT 4
+#define SESSIDX_IDX_MASK  0x0F
+#endif
+
+
 /* max cert chain peer depth */
 #ifndef MAX_CHAIN_DEPTH
     #define MAX_CHAIN_DEPTH 9

cyassl/ssl.h

@@ -248,9 +248,14 @@ CYASSL_API int        CyaSSL_SetServerID(CYASSL* ssl, const unsigned char*,
                                          int, int);
 
 #ifdef SESSION_INDEX
-    CYASSL_API int CyaSSL_GetSessionIndex(CYASSL* ssl);
+CYASSL_API int CyaSSL_GetSessionIndex(CYASSL* ssl);
-    CYASSL_API int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session);
+CYASSL_API int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session);
-#endif
+#endif /* SESSION_INDEX */
+
+#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
+CYASSL_API 
+    CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session);
+#endif /* SESSION_INDEX && SESSION_CERTS */
 
 typedef int (*VerifyCallback)(int, CYASSL_X509_STORE_CTX*);
 typedef int (*pem_password_cb)(char*, int, int, void*);

src/ssl.c

@@ -4553,7 +4553,7 @@ int AddSession(CYASSL* ssl)
 
     idx = SessionCache[row].nextIdx++;
 #ifdef SESSION_INDEX
-    ssl->sessionIndex = (row << 4) | idx;
+    ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
 #endif
 
     XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
@@ -4611,34 +4611,59 @@ int AddSession(CYASSL* ssl)
 
 
 #ifdef SESSION_INDEX
-    int CyaSSL_GetSessionIndex(CYASSL* ssl)
+
-    {
+int CyaSSL_GetSessionIndex(CYASSL* ssl)
-        return ssl->sessionIndex;
+{
+    CYASSL_ENTER("CyaSSL_GetSessionIndex");
+    CYASSL_LEAVE("CyaSSL_GetSessionIndex", ssl->sessionIndex);
+    return ssl->sessionIndex;
+}
+
+
+int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session)
+{
+    int row, col, result = SSL_FAILURE;
+
+    CYASSL_ENTER("CyaSSL_GetSessionAtIndex");
+
+    row = index >> SESSIDX_ROW_SHIFT;
+    col = index & SESSIDX_IDX_MASK;
+
+    if (LockMutex(&session_mutex) != 0) {
+        return BAD_MUTEX_ERROR;
     }
 
-
+    if (row < SESSION_ROWS &&
-    int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session)
+        col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
-    {
+        XMEMCPY(session,
-        int row, col, result = SSL_FAILURE;
+                 &SessionCache[row].Sessions[col], sizeof(CYASSL_SESSION));
-
+        result = SSL_SUCCESS;
-        row = index >> 4;
-        col = index & 0x0F;
-
-        if (LockMutex(&session_mutex) != 0)
-            return BAD_MUTEX_ERROR;
-
-        if (row < SESSION_ROWS && col < SessionCache[row].totalCount) {
-            XMEMCPY(session,
-                     &SessionCache[row].Sessions[col], sizeof(CYASSL_SESSION));
-            result = SSL_SUCCESS;
-        }
-
-        if (UnLockMutex(&session_mutex) != 0)
-            return BAD_MUTEX_ERROR;
-
-        return result;
     }
-#endif
+
+    if (UnLockMutex(&session_mutex) != 0)
+        result = BAD_MUTEX_ERROR;
+
+    CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", result);
+    return result;
+}
+
+#endif /* SESSION_INDEX */
+
+#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
+
+CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session)
+{
+    CYASSL_X509_CHAIN* chain = NULL;
+
+    CYASSL_ENTER("CyaSSL_SESSION_get_peer_chain");
+    if (session)
+        chain = &session->chain;
+
+    CYASSL_LEAVE("CyaSSL_SESSION_get_peer_chain", chain ? 1 : 0);
+    return chain;
+}
+
+#endif /* SESSION_INDEX && SESSION_CERTS */
 
 
     #ifdef SESSION_STATS