Don't fail on record with unexpected CID This commit changes the stack's behaviour when facing a record with a non-matching CID. Previously, the stack failed in this case, while now we silently skip over the current record.

commit: 16ded98befc372285b14d5aa6009d7c713db4823 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed May 08 13:02:55 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree: a3478e60227c874fd46b80390f5f319422968f43
parent: 938489a1bce58a8cc3fab6d238c9eb1781e78089 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 074bf9c..57e05e8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2576,7 +2576,8 @@
     if( rec->cid_len != transform->in_cid_len ||
         memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
     {
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        /* Silently skip over record with mismatching CID. */
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
     }
 #endif /* MBEDTLS_SSL_CID */
 
@@ -5095,6 +5096,9 @@
                                              &rec ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+            if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
+                ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+
             return( ret );
         }
commit	16ded98befc372285b14d5aa6009d7c713db4823	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed May 08 13:02:55 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 03 16:07:50 2019 +0100
tree	a3478e60227c874fd46b80390f5f319422968f43
parent	938489a1bce58a8cc3fab6d238c9eb1781e78089 [diff] [blame]