mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 05:04:14 +01:00
70e7928d76
mbedtls_ssl_context contains pointers in_buf, in_hdr, in_len, ... which point to various parts of the header of an incoming TLS or DTLS record; similarly, there are pointers out_buf, ... for outgoing records. This commit adds fields in_cid and out_cid which point to where the CID of incoming/outgoing records should reside, if present, namely prior to where the record length resides. Quoting https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04: The DTLSInnerPlaintext value is then encrypted and the CID added to produce the final DTLSCiphertext. struct { ContentType special_type = tls12_cid; /* 25 */ ProtocolVersion version; uint16 epoch; uint48 sequence_number; opaque cid[cid_length]; // New field uint16 length; opaque enc_content[DTLSCiphertext.length]; } DTLSCiphertext; For outgoing records, out_cid is set in ssl_update_out_pointers() based on the settings in the current outgoing transform. For incoming records, ssl_update_in_pointers() sets in_cid as if no CID was present, and it is the responsibility of ssl_parse_record_header() to update the field (as well as in_len, in_msg and in_iv) when parsing records that do contain a CID. This will be done in a subsequent commit. Finally, the code around the invocations of ssl_decrypt_buf() and ssl_encrypt_buf() is adapted to transfer the CID from the input/output buffer to the CID field in the internal record structure (which is what ssl_{encrypt/decrypt}_buf() uses). Note that mbedtls_ssl_in_hdr_len() doesn't need change because it infers the header length as in_iv - in_hdr, which will account for the CID for records using such. |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| aes.c | ||
| aesni.c | ||
| arc4.c | ||
| aria.c | ||
| asn1parse.c | ||
| asn1write.c | ||
| base64.c | ||
| bignum.c | ||
| blowfish.c | ||
| camellia.c | ||
| ccm.c | ||
| certs.c | ||
| chacha20.c | ||
| chachapoly.c | ||
| cipher_wrap.c | ||
| cipher.c | ||
| cmac.c | ||
| CMakeLists.txt | ||
| ctr_drbg.c | ||
| debug.c | ||
| des.c | ||
| dhm.c | ||
| ecdh.c | ||
| ecdsa.c | ||
| ecjpake.c | ||
| ecp_curves.c | ||
| ecp.c | ||
| entropy_poll.c | ||
| entropy.c | ||
| error.c | ||
| gcm.c | ||
| havege.c | ||
| hkdf.c | ||
| hmac_drbg.c | ||
| Makefile | ||
| md2.c | ||
| md4.c | ||
| md5.c | ||
| md_wrap.c | ||
| md.c | ||
| memory_buffer_alloc.c | ||
| net_sockets.c | ||
| nist_kw.c | ||
| oid.c | ||
| padlock.c | ||
| pem.c | ||
| pk_wrap.c | ||
| pk.c | ||
| pkcs5.c | ||
| pkcs11.c | ||
| pkcs12.c | ||
| pkparse.c | ||
| pkwrite.c | ||
| platform_util.c | ||
| platform.c | ||
| poly1305.c | ||
| ripemd160.c | ||
| rsa_internal.c | ||
| rsa.c | ||
| sha1.c | ||
| sha256.c | ||
| sha512.c | ||
| ssl_cache.c | ||
| ssl_ciphersuites.c | ||
| ssl_cli.c | ||
| ssl_cookie.c | ||
| ssl_srv.c | ||
| ssl_ticket.c | ||
| ssl_tls.c | ||
| threading.c | ||
| timing.c | ||
| version_features.c | ||
| version.c | ||
| x509_create.c | ||
| x509_crl.c | ||
| x509_crt.c | ||
| x509_csr.c | ||
| x509.c | ||
| x509write_crt.c | ||
| x509write_csr.c | ||
| xtea.c | ||