Add accessor for own cid to ssl context

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2022-03-11 20:26:47 +00:00
parent cefa904759
commit 0113cf1022
4 changed files with 69 additions and 2 deletions

View file

@ -0,0 +1,4 @@
Features
* Add the function mbedtls_ssl_get_own_cid() to access our own connection id
within mbedtls_ssl_context, as requested in #5184

View file

@ -1317,8 +1317,9 @@
* in the underlying transport.
*
* Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
* `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
* See the corresponding documentation for more information.
* mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
* `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
* more information.
*
* \warning The Connection ID extension is still in draft state.
* We make no stability promises for the availability

View file

@ -2023,6 +2023,40 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
unsigned char const *own_cid,
size_t own_cid_len );
/**
* \brief Get information about our request for usage of the CID
* extension in the current connection.
*
* \param ssl The SSL context to query.
* \param enabled The address at which to store whether the CID extension
* is requested to be used or not. If the CID is
* requested, `*enabled` is set to
* MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
* MBEDTLS_SSL_CID_DISABLED.
* \param own_cid The address of the buffer in which to store our own
* CID (if the CID extension is requested). This may be
* \c NULL in case the value of our CID isn't needed. If
* it is not \c NULL, \p own_cid_len must not be \c NULL.
* \param own_cid_len The address at which to store the size of our own CID
* (if the CID extension is requested). This is also the
* number of Bytes in \p own_cid that have been written.
* This may be \c NULL in case the length of our own CID
* isn't needed. If it is \c NULL, \p own_cid must be
* \c NULL, too.
*
*\note If we are requesting an empty CID this function sets
* `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
* for this is that the resulting outcome is the
* same as if the CID extensions wasn't requested).
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
int *enabled,
unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
size_t *own_cid_len );
/**
* \brief Get information about the use of the CID extension
* in the current connection.

View file

@ -112,6 +112,34 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
return( 0 );
}
int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
int *enabled,
unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
size_t *own_cid_len )
{
*enabled = MBEDTLS_SSL_CID_DISABLED;
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is
* zero as this is indistinguishable from not requesting to use
* the CID extension. */
if( ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
return( 0 );
if( own_cid_len != NULL )
{
*own_cid_len = ssl->own_cid_len;
if( own_cid != NULL )
memcpy( own_cid, ssl->own_cid, ssl->own_cid_len );
}
*enabled = MBEDTLS_SSL_CID_ENABLED;
return( 0 );
}
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
int *enabled,
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],