1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00

Skip copying CIDs to SSL transforms until CID feature is complete

This commit temporarily comments the copying of the negotiated CIDs
into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys()
until the CID feature has been fully implemented.

While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do
support CID-based record protection by now and can be unit tested,
the following two changes in the rest of the stack are still missing
before CID-based record protection can be integrated:
- Parsing of CIDs in incoming records.
- Allowing the new CID record content type for incoming records.
- Dealing with a change of record content type during record
  decryption.

Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by
the CID fields in the currently transforms, this change also requires
temporarily disabling some grepping for ssl_client2 / ssl_server2
debug output in ssl-opt.sh.
This commit is contained in:
Hanno Becker
2019-04-30 13:52:29 +01:00
parent 8b3eb5ab82
commit 8a7f972202
2 changed files with 68 additions and 55 deletions

View File

@ -956,11 +956,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
transform->in_cid_len = ssl->own_cid_len;
transform->out_cid_len = ssl->handshake->peer_cid_len;
memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
memcpy( transform->out_cid, ssl->handshake->peer_cid,
ssl->handshake->peer_cid_len );
/* Uncomment this once CID-parsing and support for a change
* record content type during record decryption are added. */
/* transform->in_cid_len = ssl->own_cid_len; */
/* transform->out_cid_len = ssl->handshake->peer_cid_len; */
/* memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); */
/* memcpy( transform->out_cid, ssl->handshake->peer_cid, */
/* ssl->handshake->peer_cid_len ); */
MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
transform->out_cid_len );