mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-02 07:20:26 +00:00
Fix bug when legacy CID is enabled but not used
When legacy CID is enabled at compile time, but not used at runtime, we would incorrectly skip the sequence number at the beginning of the AAD. There were already two "else" branches for writing the sequence number but none of them was taken in that particular case. Simplify the structure of the code: with TLS 1.2 (we're already in that branch), we always write the sequence number, unless we're using standard CID. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
parent
db01d05011
commit
61336848a9
@ -551,9 +551,8 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
((void) tls_version);
|
||||
((void) taglen);
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
|
||||
#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
|
||||
if( rec->cid_len != 0 )
|
||||
{
|
||||
// seq_num_placeholder
|
||||
@ -569,17 +568,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
cur++;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
{
|
||||
// epoch + sequence number
|
||||
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
|
||||
cur += sizeof( rec->ctr );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */
|
||||
#else
|
||||
// epoch + sequence number
|
||||
memcpy(cur, rec->ctr, sizeof(rec->ctr));
|
||||
cur += sizeof(rec->ctr);
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
}
|
||||
|
||||
// type
|
||||
|
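Review bot: The `#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */` after the `else` now closes the combined `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0`, so its trailing comment names only half of the condition, and the omitted half is the one this bug hinged on; I would write `#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */`. A short comment above the guard, such as `/* Only standard CID replaces the leading sequence number with seq_num_placeholder; every other TLS 1.2 record, including builds with legacy CID compiled in, starts the AAD with epoch + sequence number */`, would record the invariant for whoever next touches the preprocessor structure. Because these bytes are the record's additional authenticated data, a layout mismatch would presumably surface only as failed record verification against a peer, so a regression test for a build with legacy CID enabled but no CID in use is worth adding if the commit does not already carry one outside this section. The `+`/`-` markers are lost in this rendering (sides are inferred from the hunk counts), and the function starts and ends outside both hunks.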