From 95e4bbcf6cd91158b4eb17eed364f5bc20ab9f0a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 9 May 2019 11:38:24 +0100 Subject: [PATCH] Fix additional data calculation if CID is disabled In contrast to other aspects of the Connection ID extension, the CID-based additional data for MAC computations differs from the non-CID case even if the CID length is 0, because it includes the CID length. --- library/ssl_tls.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c111e9471..d139489a1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2069,16 +2069,21 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) ); #if defined(MBEDTLS_SSL_CID) - memcpy( add_data + 11, rec->cid, rec->cid_len ); - add_data[11 + rec->cid_len + 0] = rec->cid_len; - add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF; - *add_data_len = 13 + 1 + rec->cid_len; -#else /* MBEDTLS_SSL_CID */ - add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; - *add_data_len = 13; + if( rec->cid_len != 0 ) + { + memcpy( add_data + 11, rec->cid, rec->cid_len ); + add_data[11 + rec->cid_len + 0] = rec->cid_len; + add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; + add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF; + *add_data_len = 13 + 1 + rec->cid_len; + } + else #endif /* MBEDTLS_SSL_CID */ + { + add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; + add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; + *add_data_len = 13; + } } int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,