Add accessor for own cid to ssl context

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/ChangeLog.d/add_own_cid_accessors b/ChangeLog.d/add_own_cid_accessors
new file mode 100644
index 0000000..fb02868
--- /dev/null
+++ b/ChangeLog.d/add_own_cid_accessors
@@ -0,0 +1,4 @@
+Features
+   * Add the function mbedtls_ssl_get_own_cid() to access our own connection id
+     within mbedtls_ssl_context, as requested in #5184
+
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 1c631b5..d712012 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1317,8 +1317,9 @@
  * in the underlying transport.
  *
  * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
- * See the corresponding documentation for more information.
+ * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
+ * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
+ * more information.
  *
  * \warning The Connection ID extension is still in draft state.
  *          We make no stability promises for the availability
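Review bot: The added list entry for mbedtls_ssl_get_own_cid() has a closing backtick but no opening one, unlike the other three API names in the sentence, so the inline-code spans after it will probably pair up wrongly when the comment is rendered. The line should read `` * `mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and ``. The comment block itself starts and ends outside the hunk.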
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b819bba..16857e8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2024,6 +2024,40 @@
                          size_t own_cid_len );
 
 /**
+ * \brief              Get information about our request for usage of the CID
+ *                     extension in the current connection.
+ *
+ * \param ssl          The SSL context to query.
+ * \param enabled      The address at which to store whether the CID extension
+ *                     is requested to be used or not. If the CID is
+ *                     requested, `*enabled` is set to
+ *                     MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
+ *                     MBEDTLS_SSL_CID_DISABLED.
+ * \param own_cid      The address of the buffer in which to store our own
+ *                     CID (if the CID extension is requested). This may be
+ *                     \c NULL in case the value of our CID isn't needed. If
+ *                     it is not \c NULL, \p own_cid_len must not be \c NULL.
+ * \param own_cid_len  The address at which to store the size of our own CID
+ *                     (if the CID extension is requested). This is also the
+ *                     number of Bytes in \p own_cid that have been written.
+ *                     This may be \c NULL in case the length of our own CID
+ *                     isn't needed. If it is \c NULL, \p own_cid must be
+ *                     \c NULL, too.
+ *
+ *\note                If we are requesting an empty CID this function sets
+ *                     `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
+ *                     for this is that the resulting outcome is the
+ *                     same as if the CID extensions wasn't requested).
+ *
+ * \return            \c 0 on success.
+ * \return            A negative error code on failure.
+ */
+int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
+                            int *enabled,
+                            unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+                            size_t *own_cid_len );
+
+/**
  * \brief              Get information about the use of the CID extension
  *                     in the current connection.
  *
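Review bot: The `own_cid` parameter is declared as `own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]`, the same bound the neighbouring mbedtls_ssl_get_peer_cid() uses for the peer's CID, but the definition in library/ssl_tls.c copies `ssl->own_cid_len` bytes into it. The context's `own_cid` field is not shown in this diff; if it is bounded by MBEDTLS_SSL_CID_IN_LEN_MAX (our own CID being the one carried in incoming records), a caller who sizes the buffer from this prototype can be overrun whenever the IN maximum is configured larger than the OUT maximum. I would declare the parameter as `unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX],` here and in the definition, and have the `\param own_cid` text state that the buffer must hold at least that many bytes. Separately, `*\note` is missing the space after the asterisk, and the `\return` lines could name MBEDTLS_ERR_SSL_BAD_INPUT_DATA for a non-datagram transport.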
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0177add..8db92c2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -112,6 +112,34 @@
     return( 0 );
 }
 
+int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
+                              int *enabled,
+                              unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+                              size_t *own_cid_len )
+{
+    *enabled = MBEDTLS_SSL_CID_DISABLED;
+
+    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is
+     * zero as this is indistinguishable from not requesting to use
+     * the CID extension. */
+    if( ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+        return( 0 );
+
+    if( own_cid_len != NULL )
+    {
+        *own_cid_len = ssl->own_cid_len;
+        if( own_cid != NULL )
+            memcpy( own_cid, ssl->own_cid, ssl->own_cid_len );
+    }
+
+    *enabled = MBEDTLS_SSL_CID_ENABLED;
+
+    return( 0 );
+}
+
 int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
                      int *enabled,
                      unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
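Review bot: Both early returns leave `*own_cid_len` unwritten, including the `return( 0 )` taken when the CID is disabled or empty, so a caller that checks only the return code and then uses the length reads an indeterminate value. Initialising it next to `*enabled` would make the success path safe to consume: `if( own_cid_len != NULL ) *own_cid_len = 0;`. `*enabled` is also dereferenced without a NULL check; that may match mbedtls_ssl_get_peer_cid(), whose body lies outside the hunk, but in that case the header comment should say that `enabled` must not be NULL.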