Allow passing NULL pointers to mbedtls_ssl_get_peer_cid()

This commit modifies mbedtls_ssl_get_peer_cid() to also allow passing
NULL pointers in the arguments for the peer's CID value and length, in
case this information is needed.

For example, some users might only be interested in whether the use of
the CID was negotiated, in which case both CID value and length pointers
can be set to NULL. Other users might only be interested in confirming
that the use of CID was negotiated and the peer chose the empty CID,
in which case the CID value pointer only would be set to NULL.
It doesn't make sense to pass a NULL pointer for the CID length but a
non-NULL pointer for the CID value, as the caller has no way of telling
the length of the returned CID - and this case is therefore forbidden.
Hanno Becker 2019-05-22 16:50:35 +01:00
parent 8c07beeb84
commit 615ef17b67
2 changed files with 15 additions and 3 deletions


@ -1636,10 +1636,16 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
* otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
* \param peer_cid The address of the buffer in which to store the CID
* chosen by the peer (if the CID extension is used).
* This may be \c NULL in case the value of peer CID
* isn't needed. If it is not \c NULL, \p peer_cid_len
* must not be \c NULL.
* \param peer_cid_len The address at which to store the size of the CID
* chosen by the peer (if the CID extension is used).
* This is also the number of Bytes in \p peer_cid that
* have been written.
* This may be \c NULL in case the length of the peer CID
* isn't needed. If it is \c NULL, \p peer_cid must be
* \c NULL, too.
*
* \note This applies to the state of the CID negotiated in
* the last complete handshake. If a handshake is in
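Review bot: The unchanged sentence in the \p peer_cid_len description, "This is also the number of Bytes in \p peer_cid that have been written", no longer holds once \p peer_cid may be \c NULL, because in that case the length is reported but nothing is written. Suggest qualifying it, for example "If \p peer_cid is not \c NULL, this is also the number of bytes written to it." The two added sentences also state the forbidden combination (non-NULL \p peer_cid with NULL \p peer_cid_len) only as a precondition; it would help to say what the function does when a caller violates it.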


@ -194,9 +194,15 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
return( 0 );
}
*peer_cid_len = ssl->transform_in->out_cid_len;
memcpy( peer_cid, ssl->transform_in->out_cid,
ssl->transform_in->out_cid_len );
if( peer_cid_len != NULL )
{
*peer_cid_len = ssl->transform_in->out_cid_len;
if( peer_cid != NULL )
{
memcpy( peer_cid, ssl->transform_in->out_cid,
ssl->transform_in->out_cid_len );
}
}
*enabled = MBEDTLS_SSL_CID_ENABLED;
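Review bot: The combination the documentation forbids, a non-NULL peer_cid with a NULL peer_cid_len, is not rejected in the new `if( peer_cid_len != NULL )` block: the copy is silently skipped and `*enabled` is still set to MBEDTLS_SSL_CID_ENABLED, so the caller is left with an unwritten buffer and nothing to indicate it. Suggest checking for this case explicitly and returning an error instead of falling through, so that a caller who goes on to read peer_cid does not consume uninitialized memory.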