Do not encrypt CCS records According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

commit: 96ec83138540d7399d9e17a68f304425661ee9e5 [log] [tgz]
author: Gabor Mezei <gabor.mezei@arm.com> Wed Jun 22 13:17:28 2022 +0200
committer: Gabor Mezei <gabor.mezei@arm.com> Wed Jun 22 17:07:21 2022 +0200
tree: 8d150aabeb2e46820efe33024445f86304357d16
parent: 7e2dbafe2deee55a93ba1d782fe1cfdaee9aff12 [diff] [blame]
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f508bca..c7a9a09 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1341,7 +1341,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
 
     /* Dispatch message */
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0 ) );
+    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0, 0 ) );
 
 cleanup:
commit	96ec83138540d7399d9e17a68f304425661ee9e5	[log] [tgz]
author	Gabor Mezei <gabor.mezei@arm.com>	Wed Jun 22 13:17:28 2022 +0200
committer	Gabor Mezei <gabor.mezei@arm.com>	Wed Jun 22 17:07:21 2022 +0200
tree	8d150aabeb2e46820efe33024445f86304357d16
parent	7e2dbafe2deee55a93ba1d782fe1cfdaee9aff12 [diff] [blame]