Fix bug when legacy CID is enabled but not used

When legacy CID is enabled at compile time, but not used at runtime, we would incorrectly skip the sequence number at the beginning of the AAD. There was already two "else" branches for writing the sequence number but none of them was taken in that particular case. Simplify the structure of the code: with TLS 1.2 (we're already in that branch), we always write the sequence number, unless we're using standard CID. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-04-02 07:20:26 +00:00 · 2022-11-25 11:12:38 +01:00 · 2022-11-25 11:12:38 +01:00 · 61336848a9
commit 61336848a9
parent db01d05011
1 changed files with 3 additions and 9 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -551,9 +551,8 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
        ((void) tls_version);
        ((void) taglen);

-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
-#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+    MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
        if( rec->cid_len != 0 )
        {
            // seq_num_placeholder
@ -569,17 +568,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
            cur++;
        }
        else
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
        {
            // epoch + sequence number
            memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
            cur += sizeof( rec->ctr );
        }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */
-#else
-        // epoch + sequence number
-        memcpy(cur, rec->ctr, sizeof(rec->ctr));
-        cur += sizeof(rec->ctr);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
    }

    // type