Add fields to SSL structures describing state and config of CID ext

* mbedtls_ssl_context gets fields indicating whether the CID extension should be negotiated in the next handshake, and, if yes, which CID the user wishes the peer to use. This information does not belong to mbedtls_ssl_handshake_params because (a) it is configured prior to the handshake, and (b) it applies to all subsequent handshakes. * mbedtls_ssl_handshake_params gets fields indicating the state of CID negotiation during the handshake. Specifically, it indicates if the use of the CID extension has been negotiated, and if so, which CID the peer wishes us to use for outgoing messages.
2024-11-22 23:15:43 +01:00 · 2019-04-25 15:46:59 +01:00 · 2019-04-25 15:46:59 +01:00 · 2f28c1031f
commit 2f28c1031f
parent 35c36a6760
2 changed files with 27 additions and 0 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1266,6 +1266,21 @@ struct mbedtls_ssl_context
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_CID)
+    /* CID configuration to use in subsequent handshakes. */
+
+    /*! The next incoming CID, chosen by the user and applying to
+     *  all subsequent handshakes. This may be different from the
+     *  CID currently used in case the user has re-configured the CID
+     *  after an initial handshake. */
+    unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+    uint8_t own_cid_len;   /*!< The length of \c own_cid. */
+    uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+                            *   be negotiated in the next handshake or not.
+                            *   Possible values are #MBEDTLS_SSL_CID_ENABLED
+                            *   and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_CID */
 };

 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -372,6 +372,18 @@ struct mbedtls_ssl_handshake_params
    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
                                              for resending messages         */

+#if defined(MBEDTLS_SSL_CID)
+    /* The state of CID configuration in this handshake. */
+
+    uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+                         *   has been negotited. Possible values are
+                         *   #MBEDTLS_SSL_CID_ENABLED and
+                         *   #MBEDTLS_SSL_CID_DISABLED. */
+    unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+    uint8_t peer_cid_len;                                  /*!< The length of
+                                                            *   \c peer_cid.  */
+#endif /* MBEDTLS_SSL_CID */
+
    struct
    {
        size_t total_bytes_buffered; /*!< Cumulative size of heap allocated