diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6ffa19bf5..8a09a82cb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -724,11 +724,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); - transform->in_cid_len = ssl->own_cid_len; - transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); - memcpy( transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len ); + + /* Uncomment this once CID-parsing and support for a change + * record content type during record decryption are added. */ + /* transform->in_cid_len = ssl->own_cid_len; */ + /* transform->out_cid_len = ssl->handshake->peer_cid_len; */ + /* memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); */ + /* memcpy( transform->out_cid, ssl->handshake->peer_cid, */ + /* ssl->handshake->peer_cid_len ); */ MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, transform->out_cid_len ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 60879b566..6b6c4aebb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
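Review bot: The `MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, transform->out_cid_len )` call after the commented-out block still reads `out_cid` and `out_cid_len`, which this branch no longer sets, and `"Copy CIDs into SSL transform"` is still logged although nothing is copied. Whether `transform` is zeroed before this point is not visible in the hunk (the body of `mbedtls_ssl_derive_keys` starts and ends outside it); if it is not, the dump length is indeterminate. I would move the CID dumps inside the disabled block so they come back together with the copies, and leave the block under `#if 0` rather than as per-line comments. `peer_cid_len` presumably originates from the peer's extension, so it is also worth recording the precondition for re-enabling: `/* Before re-enabling: check own_cid_len and peer_cid_len against sizeof( transform->in_cid ) and sizeof( transform->out_cid ). */`. That check may already exist where the extension is parsed, which this hunk does not show.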
@@ -1163,11 +1163,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ @@ -1183,11 +1184,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 4 Bytes): de ad be ef" \ +# -s "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ 
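Review bot: The commented-out assertions in the `@@ -1163` hunk cannot be restored by just deleting the `#`, because `# -s "Peer CID (length 2 Bytes): be ef"` has no trailing `\`. The `run_test` call would end there, and the two `"Use of Connection ID has been negotiated"` checks below it would no longer be arguments to it. The same continuation is missing in the `@@ -1203` hunk (`# -c "Peer CID (length 0 Bytes):"`) and the `@@ -1398` hunk, and in every hunk the last commented line ends in a dangling `\`. These are the only checks that the negotiated CID values reached both peers, so a botched re-enable could silently lose that coverage. I would keep each block valid as written: every line but the last ends in `\`, with the last one as `# -c "Use of Connection ID has been negotiated"`.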
@@ -1203,11 +1205,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -s "Peer CID (length 4 Bytes): de ad be ef" \ +# -c "Peer CID (length 0 Bytes):" +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ @@ -1241,11 +1244,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ 
@@ -1261,11 +1265,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 4 Bytes): de ad be ef" \ +# -s "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1281,11 +1286,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -s "Peer CID (length 4 Bytes): de ad be ef" \ +# -c "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ 
@@ -1319,11 +1325,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ @@ -1339,11 +1346,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 4 Bytes): de ad be ef" \ +# -s "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ 
@@ -1359,11 +1367,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -s "Peer CID (length 4 Bytes): de ad be ef" \ +# -c "Peer CID (length 0 Bytes):" \ +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ @@ -1398,11 +1407,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ -c "found CID extension" \ -c "Use of CID extension negotiated" \ -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" + -c "Copy CIDs into SSL transform" +# Uncomment once CID is fully implemented +# -c "Peer CID (length 2 Bytes): de ad" \ +# -s "Peer CID (length 2 Bytes): be ef" +# -s "Use of Connection ID has been negotiated" \ +# -c "Use of Connection ID has been negotiated" \ # Tests for Encrypt-then-MAC extension