Re-enable CID comparison when decrypting CID-based records

commit: 938489a1bce58a8cc3fab6d238c9eb1781e78089 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed May 08 13:02:22 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree: 2672e983953b6cb0ce160a93affa64d22ee11230
parent: ca59c2b486a04dd41b97bd03f10081c457a938ec [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 968ce13..074bf9c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2573,17 +2573,11 @@
      * Match record's CID with incoming CID.
      */
 
-    /* Uncomment this once CID parsing is in place */
-    /* if( rec->cid_len != transform->in_cid_len || */
-    /*     memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) */
-    /* { */
-    /*     return( MBEDTLS_ERR_SSL_INVALID_RECORD ); */
-    /* } */
-
-    /* Remove this once CID parsing is in place */
-    rec->cid_len = transform->in_cid_len;
-    memcpy( rec->cid, transform->in_cid, transform->in_cid_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
+    if( rec->cid_len != transform->in_cid_len ||
+        memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
 #endif /* MBEDTLS_SSL_CID */
 
 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
commit	938489a1bce58a8cc3fab6d238c9eb1781e78089	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed May 08 13:02:22 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 03 16:07:50 2019 +0100
tree	2672e983953b6cb0ce160a93affa64d22ee11230
parent	ca59c2b486a04dd41b97bd03f10081c457a938ec [diff] [blame]