Fix bug when legacy CID is enabled but not used
When legacy CID is enabled at compile time, but not used at runtime, we
would incorrectly skip the sequence number at the beginning of the AAD.
There was already two "else" branches for writing the sequence number
but none of them was taken in that particular case.
Simplify the structure of the code: with TLS 1.2 (we're already in that
branch), we always write the sequence number, unless we're using
standard CID.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 58e6af2..c523b82 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -551,9 +551,8 @@
((void) tls_version);
((void) taglen);
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
-#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
if( rec->cid_len != 0 )
{
// seq_num_placeholder
@@ -569,17 +568,12 @@
cur++;
}
else
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{
// epoch + sequence number
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr );
}
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */
-#else
- // epoch + sequence number
- memcpy(cur, rec->ctr, sizeof(rec->ctr));
- cur += sizeof(rec->ctr);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
}
// type