From 043a2a4869bf9e316c37f8235aa51189e4eab939 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 8 May 2019 13:24:25 +0100 Subject: [PATCH] Remove indicators and warnings about unfinished CID implementation --- include/mbedtls/ssl.h | 17 +++-------------- library/ssl_tls.c | 2 -- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 3 files changed, 23 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3ca74a064..d8a5a845d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1447,7 +1447,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, /** - * \brief (STUB) Configure the use of the Connection ID (CID) + * \brief Configure the use of the Connection ID (CID) * extension in the next handshake. * * Reference: @@ -1471,11 +1471,6 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * extension in the next handshake and to set the value of * the CID to be used for incoming messages. * - * \warning The current implementation of this API does nothing! - * It is included solely to allow review and coding against - * the new Connection CID API. - * The actual implementation will be added in the future. - * * \param ssl The SSL context to configure. This must be initialized. * \param enable This value determines whether the CID extension should * be used or not. Possible values are: @@ -1541,15 +1536,9 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, size_t own_cid_len ); /** - * \brief (STUB) Get information about the current use of the + * \brief Get information about the current use of the * CID extension. * - * \warning The current implementation of this API does nothing - * except setting `*enabled` to MBEDTLS_SSL_CID_DISABLED! - * It is included solely to allow review and coding against - * the new Connection CID API. - * The actual implementation will be added in the future. - * * \param ssl The SSL context to query. * \param enabled The address at which to store whether the CID extension * is currently in use or not. If the CID is in use, @@ -2160,7 +2149,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_CID) /** - * \brief (STUB) Specify the length of CIDs for incoming encrypted + * \brief Specify the length of CIDs for incoming encrypted * DTLS records. (Default: \c 0) * * \param conf The SSL configuration to modify. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b5aeac174..7b5295816 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -158,8 +158,6 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, return( 0 ); } -/* WARNING: The CID feature isn't fully implemented yet - * and will not be used. */ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, int *enabled, unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2df3ccb11..3aba31ef8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1119,7 +1119,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ # changed once the CID extension is implemented. requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client enabled, server disabled" \ +run_test "Connection ID: Client enabled, server disabled" \ "$P_SRV debug_level=3 dtls=1 cid=0" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ @@ -1135,7 +1135,7 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ -c "Use of Connection ID was rejected by the server" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client disabled, server enabled" \ +run_test "Connection ID: Client disabled, server enabled" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=0" \ 0 \ @@ -1150,7 +1150,7 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ -s "Use of Connection ID was not offered by client" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ 0 \ @@ -1170,7 +1170,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ +run_test "Connection ID: Client+Server enabled, Client CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=1" \ 0 \ @@ -1190,7 +1190,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ +run_test "Connection ID: Client+Server enabled, Server CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ @@ -1210,7 +1210,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1" \ 0 \ @@ -1228,7 +1228,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1248,7 +1248,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1268,7 +1268,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1288,7 +1288,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ @@ -1306,7 +1306,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1326,7 +1326,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1346,7 +1346,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1366,7 +1366,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID -run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ +run_test "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ @@ -1385,7 +1385,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without change of CID" \ +run_test "Connection ID: Client+Server enabled, renegotiate without change of CID" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 0 \ @@ -1400,7 +1400,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without ch requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, renegotiate with different CID" \ +run_test "Connection ID: Client+Server enabled, renegotiate with different CID" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 0 \ @@ -1415,7 +1415,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate with diffe requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without CID" \ +run_test "Connection ID: Client+Server enabled, renegotiate without CID" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 0 \ @@ -1430,7 +1430,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate without CI requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, CID on renegotiation" \ +run_test "Connection ID: Client+Server enabled, CID on renegotiation" \ "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ 0 \ @@ -1443,7 +1443,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, CID on renegotiation" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, client disables on renegotiation" \ +run_test "Connection ID: Client+Server enabled, client disables on renegotiation" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 0 \ @@ -1459,7 +1459,7 @@ run_test "(STUB) Connection ID: Client+Server enabled, client disables on ren requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "(STUB) Connection ID: Client+Server enabled, server disables on renegotiation" \ +run_test "Connection ID: Client+Server enabled, server disables on renegotiation" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 0 \