From 065a1c8e3d4c0b8a42f3d99405d7bbc7853fe257 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 24 Apr 2021 13:35:41 +0200
Subject: [PATCH] Allow configuring MBEDTLS_TLS_EXT_CID at compile time

The numerical identifier of the CID extension hasn't been settled yet and different implementations use values from different drafts. Allow configuring the value at compile time.

Signed-off-by: Gilles Peskine
---
 ChangeLog.d/tls_ext_cid-config.txt | 3 +++
 include/mbedtls/config.h | 11 +++++++++++
 include/mbedtls/ssl.h | 8 +++++++-
 programs/test/query_config.c | 8 ++++++++
 4 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 ChangeLog.d/tls_ext_cid-config.txt

diff --git a/ChangeLog.d/tls_ext_cid-config.txt b/ChangeLog.d/tls_ext_cid-config.txt
new file mode 100644
index 000000000..b7b1e7244
--- /dev/null
+++ b/ChangeLog.d/tls_ext_cid-config.txt
@@ -0,0 +1,3 @@
+Features
+ * The identifier of the CID TLS extension can be configured by defining
+ MBEDTLS_TLS_EXT_CID at compile time.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 62d89c977..072346329 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3863,6 +3863,17 @@
 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 
+/** \def MBEDTLS_TLS_EXT_CID
+ *
+ * At the time of writing, the CID extension has not been assigned its
+ * final value. Set this configuration option to make Mbed TLS use a
+ * different value.
+ *
+ * A future minor revision of Mbed TLS may change the default value of
+ * this option to match evolving standards and usage.
+ */
+//#define MBEDTLS_TLS_EXT_CID 254
+
 /**
  * Complete list of ciphersuites to use, in order of preference.
  *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7815ad9d0..d451da75b 100644
--- a/include/mbedtls/ssl.h
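Review bot: The new doc comment for MBEDTLS_TLS_EXT_CID in config.h does not say what the default is, which values are legal, or that both peers have to agree on it, and those are exactly the things someone flipping this option needs to know. TLS extension types are 16-bit on the wire, so only values in 0..65535 are meaningful, and a peer that does not recognise the configured type will simply ignore the extension, so two deployments built with different values will see CID silently not being negotiated rather than an error; a value that coincides with another extension's type is worse, since the peer would most likely parse the CID payload as that extension. I would extend the comment with: `Must be an integer in the range 0-65535 that does not collide with any other TLS extension type. Both peers must be built with the same value, otherwise the CID extension is silently ignored. When this option is not set, ssl.h falls back to 254.`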
+++ b/include/mbedtls/ssl.h
@@ -412,8 +412,14 @@
 /* The value of the CID extension is still TBD as of
  * draft-ietf-tls-dtls-connection-id-05
- * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
+ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
+ *
+ * A future minor revision of Mbed TLS may change the default value of
+ * this option to match evolving standards and usage.
+ */
+#if !defined(MBEDTLS_TLS_EXT_CID)
 #define MBEDTLS_TLS_EXT_CID 254 /* TBD */
+#endif
 
 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index 9760f626c..83823884e 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -2762,6 +2762,14 @@ int query_config( const char *config )
 }
 #endif /* MBEDTLS_SSL_COOKIE_TIMEOUT */
 
+#if defined(MBEDTLS_TLS_EXT_CID)
+ if( strcmp( "MBEDTLS_TLS_EXT_CID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_EXT_CID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TLS_EXT_CID */
+
 #if defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
 if( strcmp( "MBEDTLS_X509_MAX_INTERMEDIATE_CA", config ) == 0 )
 {
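Review bot: The fallback under `#if !defined(MBEDTLS_TLS_EXT_CID)` accepts whatever config.h supplied without validating it, so a value above 0xFFFF (or a negative one) would be silently truncated when the extension type is serialized as 16 bits — presumably on the ClientHello/ServerHello write path outside this hunk — and the peer would see a different extension type than the one the builder thinks was configured. A preprocessor check placed right after the new `#endif` catches that at build time instead of in interop testing: `#if MBEDTLS_TLS_EXT_CID < 0 || MBEDTLS_TLS_EXT_CID > 0xFFFF` / `#error "MBEDTLS_TLS_EXT_CID must be a TLS extension type in the range 0..65535"` / `#endif`. The `/* TBD */` trailer on the define now only describes the fallback, so something like `/* TBD: default, overridable from config.h */` would say what the line actually does.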
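Review bot: The `#if defined(MBEDTLS_TLS_EXT_CID)` guard means query_config only answers for this option when it was set explicitly in config.h; if this file includes only the configuration header and not ssl.h (where the 254 fallback is added in this same patch), then on a default build `MBEDTLS_TLS_EXT_CID` is reported as unknown even though the extension is sent with type 254, which is confusing for exactly the interop debugging this option exists for. If that is intentional, a one-line comment on the guard such as `/* Only reported when overridden in config.h; the built-in default lives in ssl.h */` would avoid the surprise; otherwise pulling in the header that supplies the fallback would make the reported value match what goes on the wire. query_config's body starts and ends outside the hunk.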