Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 2f28c1031f8d74c5c760534952c022fb463216dc^! / .
commit2f28c1031f8d74c5c760534952c022fb463216dc[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Thu Apr 25 15:46:59 2019 +0100
committerHanno Becker <hanno.becker@arm.com>Mon Jun 03 14:43:16 2019 +0100
tree470d76f58722e570d3fbcaa0959ed34ba358e0dd
parent35c36a67607044ae98cbb69370a1fa00dbf0bbd3 [diff]
Add fields to SSL structures describing state and config of CID ext

* mbedtls_ssl_context gets fields indicating whether the CID extension
  should be negotiated in the next handshake, and, if yes, which CID
  the user wishes the peer to use.

  This information does not belong to mbedtls_ssl_handshake_params
  because (a) it is configured prior to the handshake, and (b) it
  applies to all subsequent handshakes.

* mbedtls_ssl_handshake_params gets fields indicating the state of CID
  negotiation during the handshake. Specifically, it indicates if the
  use of the CID extension has been negotiated, and if so, which CID
  the peer wishes us to use for outgoing messages.

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f405065..494f8c2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1266,6 +1266,21 @@
     char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
     char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_CID)
+    /* CID configuration to use in subsequent handshakes. */
+
+    /*! The next incoming CID, chosen by the user and applying to
+     *  all subsequent handshakes. This may be different from the
+     *  CID currently used in case the user has re-configured the CID
+     *  after an initial handshake. */
+    unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+    uint8_t own_cid_len;   /*!< The length of \c own_cid. */
+    uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+                            *   be negotiated in the next handshake or not.
+                            *   Possible values are #MBEDTLS_SSL_CID_ENABLED
+                            *   and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_CID */
 };
 
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 9c4be53..e4d0a4c 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h

@@ -372,6 +372,18 @@
     unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
                                               for resending messages         */
 
+#if defined(MBEDTLS_SSL_CID)
+    /* The state of CID configuration in this handshake. */
+
+    uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+                         *   has been negotited. Possible values are
+                         *   #MBEDTLS_SSL_CID_ENABLED and
+                         *   #MBEDTLS_SSL_CID_DISABLED. */
+    unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+    uint8_t peer_cid_len;                                  /*!< The length of
+                                                            *   \c peer_cid.  */
+#endif /* MBEDTLS_SSL_CID */
+
     struct
     {
         size_t total_bytes_buffered; /*!< Cumulative size of heap allocated