Fix bug when legacy CID is enabled but not used

When legacy CID is enabled at compile time, but not used at runtime, we
would incorrectly skip the sequence number at the beginning of the AAD.

There was already two "else" branches for writing the sequence number
but none of them was taken in that particular case.

Simplify the structure of the code: with TLS 1.2 (we're already in that
branch), we always write the sequence number, unless we're using
standard CID.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2022-11-25 11:12:38 +01:00
parent db01d05011
commit 61336848a9

View File

@ -551,9 +551,8 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
((void) tls_version);
((void) taglen);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
if( rec->cid_len != 0 )
{
// seq_num_placeholder
@ -569,17 +568,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
cur++;
}
else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{
// epoch + sequence number
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */
#else
// epoch + sequence number
memcpy(cur, rec->ctr, sizeof(rec->ctr));
cur += sizeof(rec->ctr);
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
}
// type