Allow configuration of ConnectionID at compile-time

Introduces - MBEDTLS_SSL_CONF_CID_LEN and - MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID to control - the length of incoming CIDs - the behaviour in receipt of unexpected CIDs at compile-time. Impact on code-size: | | GCC 82.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23223 | 23865 | 26775 | | `libmbedtls.a` after | 23147 | 23781 | 26703 | | gain in Bytes | 76 | 84 | 72 |
2026-04-04 22:19:05 +00:00 · 2019-06-13 09:23:43 +01:00 · 2019-06-13 09:23:43 +01:00 · e0200dad63
commit e0200dad63
parent b0b2b67568
9 changed files with 109 additions and 12 deletions
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@ -2610,6 +2610,22 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_CONF_BADMAC_LIMIT */

+#if defined(MBEDTLS_SSL_CONF_CID_LEN)
+    if( strcmp( "MBEDTLS_SSL_CONF_CID_LEN", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_CID_LEN );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CONF_CID_LEN */
+
+#if defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
+    if( strcmp( "MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
+
 #if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
    if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 )
    {
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -1672,7 +1672,9 @@ int main( int argc, char *argv[] )
    memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+    !defined(MBEDTLS_SSL_CONF_CID_LEN) &&      \
+    !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
    if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
    {
        if( opt.cid_enabled == 1        &&
@ -1697,7 +1699,9 @@ int main( int argc, char *argv[] )
            goto exit;
        }
    }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID &&
+          !MBEDTLS_SSL_CONF_CID_LEN &&
+          !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */

    if( opt.auth_mode != DFL_AUTH_MODE )
        mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -2489,7 +2489,9 @@ int main( int argc, char *argv[] )
    };
 #endif

-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+    !defined(MBEDTLS_SSL_CONF_CID_LEN) &&      \
+    !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
    if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
    {
        if( opt.cid_enabled == 1        &&
@ -2514,7 +2516,9 @@ int main( int argc, char *argv[] )
            goto exit;
        }
    }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID &&
+          !MBEDTLS_SSL_CONF_CID_LEN &&
+          !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */

 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    if( opt.trunc_hmac != DFL_TRUNC_HMAC )