diff --git a/ChangeLog.d/add_own_cid_accessors b/ChangeLog.d/add_own_cid_accessors new file mode 100644 index 000000000..fb02868ee --- /dev/null +++ b/ChangeLog.d/add_own_cid_accessors @@ -0,0 +1,4 @@ +Features + * Add the function mbedtls_ssl_get_own_cid() to access our own connection id + within mbedtls_ssl_context, as requested in #5184 + diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1c631b526..d712012ac 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1317,8 +1317,9 @@ * in the underlying transport. * * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, - * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. - * See the corresponding documentation for more information. + * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and + * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for + * more information. * * \warning The Connection ID extension is still in draft state. * We make no stability promises for the availability diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b819bbad8..16857e8c4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2023,6 +2023,40 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, unsigned char const *own_cid, size_t own_cid_len ); +/** + * \brief Get information about our request for usage of the CID + * extension in the current connection. + * + * \param ssl The SSL context to query. + * \param enabled The address at which to store whether the CID extension + * is requested to be used or not. If the CID is + * requested, `*enabled` is set to + * MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to + * MBEDTLS_SSL_CID_DISABLED. + * \param own_cid The address of the buffer in which to store our own + * CID (if the CID extension is requested). This may be + * \c NULL in case the value of our CID isn't needed. If + * it is not \c NULL, \p own_cid_len must not be \c NULL. + * \param own_cid_len The address at which to store the size of our own CID + * (if the CID extension is requested). This is also the + * number of Bytes in \p own_cid that have been written. + * This may be \c NULL in case the length of our own CID + * isn't needed. If it is \c NULL, \p own_cid must be + * \c NULL, too. + * + *\note If we are requesting an empty CID this function sets + * `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale + * for this is that the resulting outcome is the + * same as if the CID extensions wasn't requested). + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl, + int *enabled, + unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + size_t *own_cid_len ); + /** * \brief Get information about the use of the CID extension * in the current connection. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0177add1f..8db92c235 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -112,6 +112,34 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, return( 0 ); } +int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl, + int *enabled, + unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + size_t *own_cid_len ) +{ + *enabled = MBEDTLS_SSL_CID_DISABLED; + + if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is + * zero as this is indistinguishable from not requesting to use + * the CID extension. */ + if( ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) + return( 0 ); + + if( own_cid_len != NULL ) + { + *own_cid_len = ssl->own_cid_len; + if( own_cid != NULL ) + memcpy( own_cid, ssl->own_cid, ssl->own_cid_len ); + } + + *enabled = MBEDTLS_SSL_CID_ENABLED; + + return( 0 ); +} + int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, int *enabled, unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],