Add specific SSL error code for unexpected CIDs Currently, the stack silently ignores DTLS frames with an unexpected CID. However, in a system which performs CID-based demultiplexing before passing datagrams to the Mbed TLS stack, unexpected CIDs are a sign of something not working properly, and users might want to know about it. This commit introduces an SSL error code MBEDTLS_ERR_SSL_UNEXPECTED_CID which the stack can return in response to an unexpected CID. It will conditionally be put to use in subsequent commits.

commit: c37c96a3c513c75bb7f599668088c5c164e88483 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Tue May 14 11:02:36 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree: e41c4b802c4cffe072307428831f35a09d643b7a
parent: b9ec44fcf6cb07f293b6ec967587c33b455831eb [diff] [blame]
diff --git a/library/error.c b/library/error.c
index 608423b..e401a84 100644
--- a/library/error.c
+++ b/library/error.c

@@ -523,6 +523,8 @@
             mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" );
         if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) )
             mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_CID) )
+            mbedtls_snprintf( buf, buflen, "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
         if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
             mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
 #endif /* MBEDTLS_SSL_TLS_C */
commit	c37c96a3c513c75bb7f599668088c5c164e88483	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Tue May 14 11:02:36 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 03 16:07:50 2019 +0100
tree	e41c4b802c4cffe072307428831f35a09d643b7a
parent	b9ec44fcf6cb07f293b6ec967587c33b455831eb [diff] [blame]