From 8367ccc03bfdc86320324dfdc87ccb518d536282 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 14 May 2019 11:30:10 +0100
Subject: [PATCH] Allow to configure the stack's behaviour on unexpected CIDs

This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.
---
 include/mbedtls/config.h   |  2 +-
 include/mbedtls/ssl.h      | 27 +++++++++++++++++++++++----
 library/ssl_tls.c          | 20 ++++++++++++++------
 programs/ssl/ssl_client2.c |  6 ++++--
 programs/ssl/ssl_server2.c |  6 ++++--
 5 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2e1b982cb..2ad39db7a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1335,7 +1335,7 @@
  * in the underlying transport.
  *
  * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid_len()`.
+ * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
  * See their documentation for more information.
  *
  * \warning The Connection ID extension is still in draft state.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b616a733f..6f35e58d3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1114,6 +1114,11 @@ struct mbedtls_ssl_config
     unsigned int cert_req_ca_list : 1;  /*!< enable sending CA list in
                                           Certificate Request messages?     */
 #endif
+#if defined(MBEDTLS_SSL_CID)
+    unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+                                             *   record with unexpected CID
+                                             *   should lead to failure.    */
+#endif /* MBEDTLS_SSL_CID */
 };
 
 
@@ -1572,7 +1577,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
  *                    MBEDTLS_SSL_CID_DISABLED.
  *
  * \note              The value of \p own_cid_len must match the value of the
- *                    \c len parameter passed to mbedtls_ssl_conf_cid_len()
+ *                    \c len parameter passed to mbedtls_ssl_conf_cid()
  *                    when configuring the ::mbedtls_ssl_config that \p ssl
  *                    is bound to.
  *
@@ -2305,14 +2310,27 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
                                    const int *ciphersuites );
 
 #if defined(MBEDTLS_SSL_CID)
+#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   0
+#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 1
 /**
- * \brief               Specify the length of CIDs for incoming encrypted
- *                      DTLS records. (Default: \c 0)
+ * \brief               Specify the length of CIDs for incoming encrypted DTLS
+ *                      records and specify the behaviour on unexpected CIDs.
+ *
+ *                      By default, the CID length is set to \c 0,
+ *                      and unexpected CIDs are silently ignored.
  *
  * \param conf          The SSL configuration to modify.
  * \param len           The length in Bytes of the CID fields in encrypted
  *                      DTLS records using the CID mechanism. This must
  *                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+ * \param ignore_other_cid  This determines the stack's behaviour when
+ *                          receiving a record with an unexpected CID.
+ *                          Possible values are:
+ *                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+ *                            In this case, the record is silently ignored.
+ *                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+ *                            In this case, the stack fails with the specific
+ *                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
  *
  * \note                The CID specification allows implementations to either
  *                      use a common length for all incoming connection IDs or
@@ -2325,7 +2343,8 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
  * \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
  *                      is too large.
  */
-int mbedtls_ssl_conf_cid_len( mbedtls_ssl_config *conf, size_t len );
+int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
+                          int ignore_other_cids );
 #endif /* MBEDTLS_SSL_CID */
 
 /**
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 428bab740..df11bb604 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -122,12 +122,15 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl );
 
 /* WARNING: The CID feature isn't fully implemented yet
  *          and will not be used. */
-int mbedtls_ssl_conf_cid_len( mbedtls_ssl_config *conf,
-                              size_t len )
+int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf,
+                          size_t len,
+                          int ignore_other_cid )
 {
     if( len > MBEDTLS_SSL_CID_IN_LEN_MAX )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
+    conf->ignore_unexpected_cid =
+        ( ignore_other_cid == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
     conf->cid_len = len;
     return( 0 );
 }
@@ -2570,12 +2573,10 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
     /*
      * Match record's CID with incoming CID.
      */
-
     if( rec->cid_len != transform->in_cid_len ||
         memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
     {
-        /* Silently skip over record with mismatching CID. */
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
     }
 #endif /* MBEDTLS_SSL_CID */
 
@@ -5094,8 +5095,15 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
                                              &rec ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
-            if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
+
+#if defined(MBEDTLS_SSL_CID)
+            if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
+                ssl->conf->ignore_unexpected_cid
+                    == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+            {
                 ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+            }
+#endif /* MBEDTLS_SSL_CID */
 
             return( ret );
         }
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5a5cc149a..60f922f32 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1842,9 +1842,11 @@ int main( int argc, char *argv[] )
 
 
         if( opt.cid_enabled == 1 )
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
         else
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_renego_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
 
         if( ret != 0 )
         {
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index cc74c83b7..1721daec0 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2727,9 +2727,11 @@ int main( int argc, char *argv[] )
         }
 
         if( opt.cid_enabled == 1 )
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
         else
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_renego_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
 
         if( ret != 0 )
         {