Fixes for DTLS CID

Per zephyrproject-rtos/zephyr#36738. Updated CID value with latest from: https://www.iana.org/assignments/tls-extensiontype-values/ tls-extensiontype-values.xhtml#tls-extensiontype-values-1 Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
plskeggs · Apr 13, 2022 · 123a017 · 123a017
1 parent cefdd99
commit 123a017
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 12 deletions.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
@@ -381,8 +381,12 @@
 
 /* The value of the CID extension is still TBD as of
  * draft-ietf-tls-dtls-connection-id-05
- * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
-#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
+ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
+ * Latest CID value is here:
+ * https://www.iana.org/assignments/tls-extensiontype-values/
+ * tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+ */
+#define MBEDTLS_TLS_EXT_CID 54
 
 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
 

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
@@ -696,7 +696,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
  const mbedtls_md_info_t *md_info;
 
 #if !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
- !defined(MBEDTLS_DEBUG_C)
+ !defined(MBEDTLS_DEBUG_C) && \
+ !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* change from: https://github.com/ARMmbed/mbedtls/pull/3991/files */
  ssl = NULL; /* make sure we don't use it except for those cases */
  (void) ssl;
 #endif
@@ -976,9 +977,9 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
  ssl->f_export_keys( ssl->p_export_keys,
  MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
  master, 48,
- randbytes + 32,
- randbytes,
- tls_prf_get_type( tls_prf ) );
+  randbytes + 32,
+  randbytes,
+  tls_prf_get_type( tls_prf ) );
  }
 #endif
 
@@ -1717,7 +1718,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
  ssl->state++;
  return( 0 );
  }
- }
+  }
 #endif /* MBEDTLS_SSL_CLI_C */
 #if defined(MBEDTLS_SSL_SRV_C)
  if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -2907,7 +2908,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
  return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
  }
 
- hash_len = 12;
+  hash_len = 12;
 
  if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED )
  {
@@ -3466,7 +3467,7 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
 
 #if defined(MBEDTLS_SSL_SRV_C)
 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
-  void *p_cache,
+ void *p_cache,
  mbedtls_ssl_cache_get_t *f_get_cache,
  mbedtls_ssl_cache_set_t *f_set_cache )
 {
@@ -3503,7 +3504,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 #endif /* MBEDTLS_SSL_CLI_C */
 
 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
-  const int *ciphersuites )
+ const int *ciphersuites )
 {
  conf->ciphersuite_list = ciphersuites;
 }
@@ -4172,8 +4173,8 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
 void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
-  mbedtls_ssl_export_keys_t *f_export_keys,
-  void *p_export_keys )
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys )
 {
  ssl->f_export_keys = f_export_keys;
  ssl->p_export_keys = p_export_keys;