Use SSL_session_reused to check when a session was reused

The returned session_id could be exactly the same in the case of TLS session tickets, so use the SSL_session_reused API to determine exactly when a session was reused. (cherry picked from commit 1115fa0f) Bug: 28751153 Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f

Use SSL_session_reused to check when a session was reused
The returned session_id could be exactly the same in the case of TLS session tickets, so use the SSL_session_reused API to determine exactly when a session was reused. (cherry picked from commit 1115fa0f) Bug: 28751153 Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f
efd7f14d · Kenny Root · 4c9f9c22 · efd7f14d · efd7f14d · efd7f14d
Commit efd7f14d authored 9 years ago by Kenny Root
3 changed files
--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java
@@ -1112,6 +1112,8 @@ public final class NativeCrypto {
    public static native void SSL_set_session_creation_enabled(
            long sslNativePointer, boolean creationEnabled) throws SSLException;

+    public static native boolean SSL_session_reused(long sslNativePointer);
+
    public static native void SSL_set_tlsext_host_name(long sslNativePointer, String hostname)
            throws SSLException;
    public static native String SSL_get_servername(long sslNativePointer);

--- a/src/main/java/org/conscrypt/SSLParametersImpl.java
+++ b/src/main/java/org/conscrypt/SSLParametersImpl.java
@@ -563,8 +563,7 @@ public class SSLParametersImpl implements Cloneable {
            final OpenSSLSessionImpl sessionToReuse, String hostname, int port,
            boolean handshakeCompleted) throws IOException {
        OpenSSLSessionImpl sslSession = null;
-        byte[] sessionId = NativeCrypto.SSL_SESSION_session_id(sslSessionNativePointer);
-        if (sessionToReuse != null && Arrays.equals(sessionToReuse.getId(), sessionId)) {
+        if (sessionToReuse != null && NativeCrypto.SSL_session_reused(sslNativePointer)) {
            sslSession = sessionToReuse;
            sslSession.lastAccessedTime = System.currentTimeMillis();
            NativeCrypto.SSL_SESSION_free(sslSessionNativePointer);

--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -7860,6 +7860,18 @@ static void NativeCrypto_SSL_set_session_creation_enabled(JNIEnv* env, jclass,
    SSL_set_session_creation_enabled(ssl, creation_enabled);
 }

+static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_address) {
+    SSL* ssl = to_SSL(env, ssl_address, true);
+    JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused", ssl);
+    if (ssl == nullptr) {
+        return JNI_FALSE;
+    }
+
+    int reused = SSL_session_reused(ssl);
+    JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused => %d", ssl, reused);
+    return reused == 1 ? JNI_TRUE : JNI_FALSE;
+}
+
 static void NativeCrypto_SSL_set_tlsext_host_name(JNIEnv* env, jclass,
        jlong ssl_address, jstring hostname)
 {
@@ -9724,6 +9736,7 @@ static JNINativeMethod sNativeCryptoMethods[] = {
    NATIVE_METHOD(NativeCrypto, SSL_set_verify, "(JI)V"),
    NATIVE_METHOD(NativeCrypto, SSL_set_session, "(JJ)V"),
    NATIVE_METHOD(NativeCrypto, SSL_set_session_creation_enabled, "(JZ)V"),
+    NATIVE_METHOD(NativeCrypto, SSL_session_reused, "(J)Z"),
    NATIVE_METHOD(NativeCrypto, SSL_set_tlsext_host_name, "(JLjava/lang/String;)V"),
    NATIVE_METHOD(NativeCrypto, SSL_get_servername, "(J)Ljava/lang/String;"),
    NATIVE_METHOD(NativeCrypto, SSL_do_handshake, "(J" FILE_DESCRIPTOR SSL_CALLBACKS "IZ[B[B)J"),