Skip copying CIDs to SSL transforms until CID feature is complete
This commit temporarily comments the copying of the negotiated CIDs into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys() until the CID feature has been fully implemented. While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do support CID-based record protection by now and can be unit tested, the following two changes in the rest of the stack are still missing before CID-based record protection can be integrated: - Parsing of CIDs in incoming records. - Allowing the new CID record content type for incoming records. - Dealing with a change of record content type during record decryption. Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by the CID fields in the current transforms, this change also requires temporarily disabling some grepping for ssl_client2 / ssl_server2 debug output in ssl-opt.sh.
@ -956,11 +956,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
transform->in_cid_len = ssl->own_cid_len;
transform->out_cid_len = ssl->handshake->peer_cid_len;
memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
memcpy( transform->out_cid, ssl->handshake->peer_cid,
ssl->handshake->peer_cid_len );
/* Uncomment this once CID-parsing and support for a change
* record content type during record decryption are added. */
/* transform->in_cid_len = ssl->own_cid_len; */
/* transform->out_cid_len = ssl->handshake->peer_cid_len; */
/* memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); */
/* memcpy( transform->out_cid, ssl->handshake->peer_cid, */
/* ssl->handshake->peer_cid_len ); */
MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
transform->out_cid_len );
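Review bot: The debug message at the top of the hunk still reads `Copy CIDs into SSL transform` although nothing is copied any more, and `transform->in_cid_len` / `transform->out_cid_len` are now left at whatever value the transform held before this branch, so the `MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", ... )` call at the bottom of the hunk logs `transform->out_cid` with a length this function no longer sets. Presumably the transform is zero-initialised elsewhere, but that is not visible in the hunk, and the commit description says mbedtls_ssl_get_peer_cid() decides CID use from these same fields, so the disabled state should be explicit rather than inherited. I would keep the commented-out assignments next to the TODO comment but add `transform->in_cid_len = 0;` and `transform->out_cid_len = 0;` as live code, and reword the message to `"CID negotiated, copying into SSL transform currently disabled"` so the debug output matches what happens. mbedtls_ssl_derive_keys() starts and ends outside the hunk.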