From 25d6d1a1df3c9ddc077ae62468e4fc5ae06a607d Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Thu, 7 Dec 2017 08:22:51 +0000
Subject: [PATCH] Correct record header size in case of TLS

The previous commit reduced the internal header size to 5 bytes in case of
TLS. This is not a valid since in that situation Mbed TLS internally uses the
first 8 bytes of the message buffer for the implicit record sequence number.
---
 include/mbedtls/ssl_internal.h | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 3ce4945650..4764095470 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -158,14 +158,10 @@
 #error Bad configuration - protected record payload too large.
 #endif
 
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
-/* https://tools.ietf.org/html/rfc5246#section-6.2 */
-#define MBEDTLS_SSL_HEADER_LEN 5
-#else
-/* https://tools.ietf.org/html/rfc6347#section-4.1  */
-/* 8 additional bytes for epoch and sequence number */
+/* Note: Even though the TLS record header is only 5 bytes
+   long, we're internally using 8 bytes to store the
+   implicit sequence number. */
 #define MBEDTLS_SSL_HEADER_LEN 13
-#endif
 
 #define MBEDTLS_SSL_BUFFER_LEN  \
     ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )