Allow passing NULL pointers to mbedtls_ssl_get_peer_cid()

This commit modifies mbedtls_ssl_get_peer_cid() to also allow passing NULL pointers in the arguments for the peer's CID value and length, in case this information is needed. For example, some users might only be interested in whether the use of the CID was negotiated, in which case both CID value and length pointers can be set to NULL. Other users might only be interested in confirming that the use of CID was negotiated and the peer chose the empty CID, in which case the CID value pointer only would be set to NULL. It doesn't make sense to pass a NULL pointer for the CID length but a non-NULL pointer for the CID value, as the caller has no way of telling the length of the returned CID - and this case is therefore forbidden.
2019-05-22 16:50:35 +01:00 · 2019-05-22 16:50:35 +01:00 · 615ef17b67
commit 615ef17b67
parent 8c07beeb84
2 changed files with 15 additions and 3 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1636,10 +1636,16 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
 *                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
 * \param peer_cid     The address of the buffer in which to store the CID
 *                     chosen by the peer (if the CID extension is used).
+ *                     This may be \c NULL in case the value of peer CID
+ *                     isn't needed. If it is not \c NULL, \p peer_cid_len
+ *                     must not be \c NULL.
 * \param peer_cid_len The address at which to store the size of the CID
 *                     chosen by the peer (if the CID extension is used).
 *                     This is also the number of Bytes in \p peer_cid that
 *                     have been written.
+ *                     This may be \c NULL in case the length of the peer CID
+ *                     isn't needed. If it is \c NULL, \p peer_cid must be
+ *                     \c NULL, too.
 *
 * \note               This applies to the state of the CID negotiated in
 *                     the last complete handshake. If a handshake is in
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -194,9 +194,15 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
        return( 0 );
    }

-    *peer_cid_len = ssl->transform_in->out_cid_len;
-    memcpy( peer_cid, ssl->transform_in->out_cid,
-            ssl->transform_in->out_cid_len );
+    if( peer_cid_len != NULL )
+    {
+        *peer_cid_len = ssl->transform_in->out_cid_len;
+        if( peer_cid != NULL )
+        {
+            memcpy( peer_cid, ssl->transform_in->out_cid,
+                    ssl->transform_in->out_cid_len );
+        }
+    }

    *enabled = MBEDTLS_SSL_CID_ENABLED;