Add specific SSL error code for unexpected CIDs Currently, the stack silently ignores DTLS frames with an unexpected CID. However, in a system which performs CID-based demultiplexing before passing datagrams to the Mbed TLS stack, unexpected CIDs are a sign of something not working properly, and users might want to know about it. This commit introduces an SSL error code MBEDTLS_ERR_SSL_UNEXPECTED_CID which the stack can return in response to an unexpected CID. It will conditionally be put to use in subsequent commits.

commit: c37c96a3c513c75bb7f599668088c5c164e88483 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Tue May 14 11:02:36 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree: e41c4b802c4cffe072307428831f35a09d643b7a
parent: b9ec44fcf6cb07f293b6ec967587c33b455831eb [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 909258c..b616a73 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -126,6 +126,7 @@
 #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING               -0x6580  /**< Internal-only message signaling that further message-processing should be done */
 #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS                 -0x6500  /**< The asynchronous operation is not completed yet. */
 #define MBEDTLS_ERR_SSL_EARLY_MESSAGE                     -0x6480  /**< Internal-only message signaling that a message arrived early. */
+#define MBEDTLS_ERR_SSL_UNEXPECTED_CID                    -0x6000  /**< An encrypted DTLS-frame with an unexpected CID was received. */
 #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS                -0x7000  /**< A cryptographic operation is in progress. Try again later. */
 
 /*
commit	c37c96a3c513c75bb7f599668088c5c164e88483	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Tue May 14 11:02:36 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 03 16:07:50 2019 +0100
tree	e41c4b802c4cffe072307428831f35a09d643b7a
parent	b9ec44fcf6cb07f293b6ec967587c33b455831eb [diff] [blame]