diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ec4a15c45..3ca74a064 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1106,6 +1106,10 @@ struct mbedtls_ssl_context TLS: maintained by us DTLS: read from peer */ unsigned char *in_hdr; /*!< start of record header */ +#if defined(MBEDTLS_SSL_CID) + unsigned char *in_cid; /*!< The start of the CID; + * (the end is marked by in_len). */ +#endif /* MBEDTLS_SSL_CID */ unsigned char *in_len; /*!< two-bytes message length field */ unsigned char *in_iv; /*!< ivlen-byte IV */ unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ @@ -1142,6 +1146,10 @@ struct mbedtls_ssl_context unsigned char *out_buf; /*!< output buffer */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_hdr; /*!< start of record header */ +#if defined(MBEDTLS_SSL_CID) + unsigned char *out_cid; /*!< The start of the CID; + * (the end is marked by in_len). */ +#endif /* MBEDTLS_SSL_CID */ unsigned char *out_len; /*!< two-bytes message length field */ unsigned char *out_iv; /*!< ivlen-byte IV */ unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 73dc2e27e..1529d659b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3755,6 +3755,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_SSL_CID ) + memcpy( ssl->out_cid, rec.cid, rec.cid_len ); +#endif /* MBEDTLS_SSL_CID */ ssl->out_msglen = len = rec.data_len; ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); ssl->out_len[1] = (unsigned char)( rec.data_len ); @@ -4615,6 +4618,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) - ( ssl->in_iv - ssl->in_buf ); rec.data_len = ssl->in_msglen; rec.data_offset = 0; +#if defined(MBEDTLS_SSL_CID ) + rec.cid_len = ssl->in_len - ssl->in_cid; + memcpy( rec.cid, ssl->in_cid, rec.cid_len ); +#endif /* MBEDTLS_SSL_CID */ memcpy( &rec.ctr[0], ssl->in_ctr, 8 ); mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, @@ -7220,8 +7227,15 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { ssl->out_ctr = ssl->out_hdr + 3; - ssl->out_len = ssl->out_hdr + 11; - ssl->out_iv = ssl->out_hdr + 13; +#if defined(MBEDTLS_SSL_CID) + ssl->out_cid = ssl->out_ctr + 8; + ssl->out_len = ssl->out_cid; + if( transform != NULL ) + ssl->out_len += transform->out_cid_len; +#else /* MBEDTLS_SSL_CID */ + ssl->out_len = ssl->out_ctr + 8; +#endif /* MBEDTLS_SSL_CID */ + ssl->out_iv = ssl->out_len + 2; } else #endif @@ -7264,9 +7278,18 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { + /* This sets the header pointers to match records + * without CID. When we receive a record containing + * a CID, the fields are shifted accordingly in + * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; - ssl->in_len = ssl->in_hdr + 11; - ssl->in_iv = ssl->in_hdr + 13; +#if defined(MBEDTLS_SSL_CID) + ssl->in_cid = ssl->in_ctr + 8; + ssl->in_len = ssl->in_cid; /* Default: no CID */ +#else /* MBEDTLS_SSL_CID */ + ssl->in_len = ssl->in_ctr + 8; +#endif /* MBEDTLS_SSL_CID */ + ssl->in_iv = ssl->in_len + 2; } else #endif