From 22a59fdca82ddf6f0a273e60f7f271f6cc061888 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 8 May 2019 13:24:25 +0100 Subject: [PATCH] Remove indicators and warnings about unfinished CID implementation --- include/mbedtls/ssl.h | 17 +++-------------- library/ssl_tls.c | 2 -- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 3 files changed, 23 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 45a6b0da76..d0ecd0b11f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1527,7 +1527,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, /** - * \brief (STUB) Configure the use of the Connection ID (CID) + * \brief Configure the use of the Connection ID (CID) * extension in the next handshake. * * Reference: @@ -1551,11 +1551,6 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * extension in the next handshake and to set the value of * the CID to be used for incoming messages. * - * \warning The current implementation of this API does nothing! - * It is included solely to allow review and coding against - * the new Connection CID API. - * The actual implementation will be added in the future. - * * \param ssl The SSL context to configure. This must be initialized. * \param enable This value determines whether the CID extension should * be used or not. Possible values are: 
@@ -1621,15 +1616,9 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, size_t own_cid_len ); /** - * \brief (STUB) Get information about the current use of the + * \brief Get information about the current use of the * CID extension. * - * \warning The current implementation of this API does nothing - * except setting `*enabled` to MBEDTLS_SSL_CID_DISABLED! - * It is included solely to allow review and coding against - * the new Connection CID API. - * The actual implementation will be added in the future. - * * \param ssl The SSL context to query. * \param enabled The address at which to store whether the CID extension * is currently in use or not. If the CID is in use, @@ -2313,7 +2302,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_CID) /** - * \brief (STUB) Specify the length of CIDs for incoming encrypted + * \brief Specify the length of CIDs for incoming encrypted * DTLS records. (Default: \c 0) * * \param conf The SSL configuration to modify. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7bc2e7b25..206c4360d2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -167,8 +167,6 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, return( 0 ); } -/* WARNING: The CID feature isn't fully implemented yet - * and will not be used. */ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, int *enabled, unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1ffcf5ce15..4695a34449 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1277,7 +1277,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ # changed once the CID extension is implemented. requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client enabled, server disabled" \ +run_test "Connection ID: Client enabled, server disabled" \ "$P_SRV debug_level=3 dtls=1 cid=0" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ 
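Review bot: The comment line `# changed once the CID extension is implemented.`, kept as context directly above the first renamed test in tests/ssl-opt.sh, still describes the CID extension as unimplemented, which contradicts the purpose of this commit. The comment starts above the hunk, so its full wording is not visible here; it should be deleted or replaced with something like `# Tests for the DTLS Connection ID extension`. If the expectations in these cases were kept loose because CID use could not be observed, they are worth revisiting now, since matching only a message such as `Use of Connection ID has been negotiated` does not show that records actually carry the CID.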
@@ -1293,7 +1293,7 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ -c "Use of Connection ID was rejected by the server" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client disabled, server enabled" \ +run_test "Connection ID: Client disabled, server enabled" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=0" \ 0 \ @@ -1308,7 +1308,7 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ -s "Use of Connection ID was not offered by client" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ 0 \ @@ -1328,7 +1328,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ +run_test "Connection ID: Client+Server enabled, Client CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=1" \ 0 \ @@ -1348,7 +1348,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ +run_test "Connection ID: Client+Server enabled, Server CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ 
@@ -1368,7 +1368,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1" \ 0 \ @@ -1386,7 +1386,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1406,7 +1406,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1426,7 +1426,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ 
@@ -1446,7 +1446,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1464,7 +1464,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1484,7 +1484,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ 
@@ -1504,7 +1504,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1524,7 +1524,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1543,7 +1543,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without change of CID" \ +run_test "Connection ID: Client+Server enabled, renegotiate without change of CID" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 0 \ 
@@ -1558,7 +1558,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without ch requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, renegotiate with different CID" \ +run_test "Connection ID: Client+Server enabled, renegotiate with different CID" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 0 \ @@ -1573,7 +1573,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate with diffe requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without CID" \ +run_test "Connection ID: Client+Server enabled, renegotiate without CID" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 0 \ @@ -1588,7 +1588,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without CI requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, CID on renegotiation" \ +run_test "Connection ID: Client+Server enabled, CID on renegotiation" \ "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ 0 \ 
@@ -1601,7 +1601,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, CID on renegotiation" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, client disables on renegotiation" \ +run_test "Connection ID: Client+Server enabled, client disables on renegotiation" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 0 \ @@ -1617,7 +1617,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, client disables on ren requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, server disables on renegotiation" \ +run_test "Connection ID: Client+Server enabled, server disables on renegotiation" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 0 \