diff --git a/library/ssl_tls.c b/library/ssl_tls.c index af8bfde6a..c558a848a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -956,11 +956,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); - transform->in_cid_len = ssl->own_cid_len; - transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); - memcpy( transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len ); + + /* Uncomment this once CID-parsing and support for a change + * record content type during record decryption are added. */ + /* transform->in_cid_len = ssl->own_cid_len; */ + /* transform->out_cid_len = ssl->handshake->peer_cid_len; */ + /* memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); */ + /* memcpy( transform->out_cid, ssl->handshake->peer_cid, */ + /* ssl->handshake->peer_cid_len ); */ MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, transform->out_cid_len ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index de0653241..bf8693d6f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1321,11 +1321,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ @@ -1341,11 +1342,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 4 Bytes): de ad be ef" \ +# -s "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ @@ -1361,11 +1363,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -s "Peer CID (length 4 Bytes): de ad be ef" \ +# -c "Peer CID (length 0 Bytes):" +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ @@ -1399,11 +1402,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ @@ -1419,11 +1423,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 4 Bytes): de ad be ef" \ +# -s "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1439,11 +1444,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -s "Peer CID (length 4 Bytes): de ad be ef" \ +# -c "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ @@ -1477,11 +1483,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ @@ -1497,11 +1504,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 4 Bytes): de ad be ef" \ +# -s "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ @@ -1517,11 +1525,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -s "Peer CID (length 4 Bytes): de ad be ef" \ +# -c "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ @@ -1556,11 +1565,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ # Tests for Encrypt-then-MAC extension