From 61336848a922d29e45b06e79e3058be2a1a5a1b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 25 Nov 2022 11:12:38 +0100 Subject: [PATCH] Fix bug when legacy CID is enabled but not used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When legacy CID is enabled at compile time, but not used at runtime, we would incorrectly skip the sequence number at the beginning of the AAD. There was already two "else" branches for writing the sequence number but none of them was taken in that particular case. Simplify the structure of the code: with TLS 1.2 (we're already in that branch), we always write the sequence number, unless we're using standard CID. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 58e6af2a5..c523b8249 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -551,9 +551,8 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, ((void) tls_version); ((void) taglen); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - -#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ + MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 if( rec->cid_len != 0 ) { // seq_num_placeholder @@ -569,17 +568,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, cur++; } else +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { // epoch + sequence number memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); cur += sizeof( rec->ctr ); } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */ -#else - // epoch + sequence number - memcpy(cur, rec->ctr, sizeof(rec->ctr)); - cur += sizeof(rec->ctr); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ } // type