Function esp_idf_sys::mbedtls_ssl_check_record

source ·

pub unsafe extern "C" fn mbedtls_ssl_check_record(
    ssl: *const mbedtls_ssl_context,
    buf: *mut c_uchar,
    buflen: usize
) -> c_int

Expand description

\brief Check whether a buffer contains a valid and authentic record that has not been seen before. (DTLS only).

            This function does not change the user-visible state
            of the SSL context. Its sole purpose is to provide
            an indication of the legitimacy of an incoming record.

            This can be useful e.g. in distributed server environments
            using the DTLS Connection ID feature, in which connections
            might need to be passed between service instances on a change
            of peer address, but where such disruptive operations should
            only happen after the validity of incoming records has been
            confirmed.

\param ssl The SSL context to use. \param buf The address of the buffer holding the record to be checked. This must be a read/write buffer of length \p buflen Bytes. \param buflen The length of \p buf in Bytes.

\note This routine only checks whether the provided buffer begins with a valid and authentic record that has not been seen before, but does not check potential data following the initial record. In particular, it is possible to pass DTLS datagrams containing multiple records, in which case only the first record is checked.

\note This function modifies the input buffer \p buf. If you need to preserve the original record, you have to maintain a copy.

\return \c 0 if the record is valid and authentic and has not been seen before. \return MBEDTLS_ERR_SSL_INVALID_MAC if the check completed successfully but the record was found to be not authentic. \return MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed successfully but the record was found to be invalid for a reason different from authenticity checking. \return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed successfully but the record was found to be unexpected in the state of the SSL context, including replayed records. \return Another negative error code on different kinds of failure. In this case, the SSL context becomes unusable and needs to be freed or reset before reuse.