Fix missing compile-time guards around CID-only constants
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 405cda4..53055c2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2074,14 +2074,12 @@
 
 #if defined(MBEDTLS_SSL_CID)
     memcpy( add_data + 11, rec->cid, rec->cid_len );
-#endif /* MBEDTLS_SSL_CID */
-
     add_data[11 + rec->cid_len + 0] = ( rec->data_len >> 8 ) & 0xFF;
     add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 0 ) & 0xFF;
-
-#if defined(MBEDTLS_SSL_CID)
     *add_data_len = 13 + rec->cid_len;
-#else
+#else /* MBEDTLS_SSL_CID */
+    add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
+    add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
     *add_data_len = 13;
 #endif /* MBEDTLS_SSL_CID */
 }
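Review bot: The CID branch writes `13 + rec->cid_len` bytes into `add_data` (the `memcpy` at offset 11 plus the two length bytes), and nothing visible in this hunk relates `rec->cid_len` to the capacity of that buffer. The function's signature and its callers are outside the hunk, so the bound may already be guaranteed there. If it is, state the contract next to the copy, for example `/* add_data must hold at least 13 + rec->cid_len bytes; callers size it for the maximum CID length. */`. If it is not guaranteed, the length should be checked before the `memcpy` so an oversized CID cannot overrun the additional-data buffer.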
@@ -2122,11 +2120,14 @@
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
-    if( rec == NULL                     ||
-        rec->buf == NULL                ||
-        rec->buf_len < rec->data_offset ||
-        rec->buf_len - rec->data_offset < rec->data_len ||
-        rec->cid_len != 0 )
+    if( rec == NULL
+        || rec->buf == NULL
+        || rec->buf_len < rec->data_offset
+        || rec->buf_len - rec->data_offset < rec->data_len
+#if defined(MBEDTLS_SSL_CID)
+        || rec->cid_len != 0
+#endif
+        )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
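Review bot: The `#endif` that closes the guard inside the `if` condition is unlabelled, while every other guard added in this commit ends with `#endif /* MBEDTLS_SSL_CID */`. A conditional spliced into the middle of an expression is where the label helps most. The reason a non-zero `rec->cid_len` is rejected is also not stated here. Going by the comment added at the call site later in this file, something like `/* The CID is filled in by this function; callers must pass cid_len == 0. */` above the guarded term would document it. The body of the `if` continues past the end of the hunk.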
@@ -4149,7 +4150,10 @@
                                        ssl->conf->transport, rec.ver );
             rec.type = ssl->out_msgtype;
 
+#if defined(MBEDTLS_SSL_CID)
+            /* The CID is set by mbedtls_ssl_encrypt_buf(). */
             rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_CID */
 
             if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
                                          ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 0640779..9f80b1e 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -38,11 +38,16 @@
     unsigned char *key0 = NULL, *key1 = NULL;
     unsigned char iv_enc[16], iv_dec[16];
 
+#if defined(MBEDTLS_SSL_CID)
     unsigned char cid0[ SSL_CID_LEN_MIN ];
     unsigned char cid1[ SSL_CID_LEN_MIN ];
 
     rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
     rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
+#else
+    ((void) cid0_len);
+    ((void) cid1_len);
+#endif /* MBEDTLS_SSL_CID */
 
     maclen = 0;
 
@@ -241,6 +246,7 @@
     memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
     memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
 
+#if defined(MBEDTLS_SSL_CID)
     /* Add CID */
     memcpy( &t_in->in_cid,  cid0, cid0_len );
     memcpy( &t_in->out_cid, cid1, cid1_len );
@@ -250,6 +256,7 @@
     memcpy( &t_out->out_cid, cid0, cid0_len );
     t_out->in_cid_len = cid1_len;
     t_out->out_cid_len = cid0_len;
+#endif /* MBEDTLS_SSL_CID */
 
 cleanup:
 
@@ -372,7 +379,9 @@
         rec.type    = 42;
         rec.ver[0]  = num_records;
         rec.ver[1]  = num_records;
+#if defined(MBEDTLS_SSL_CID)
         rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_CID */
 
         rec.buf     = buf;
         rec.buf_len = buflen;
@@ -490,7 +499,9 @@
             rec.ver[1]  = offset;
             rec.buf     = buf;
             rec.buf_len = buflen;
+#if defined(MBEDTLS_SSL_CID)
             rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_CID */
 
             switch( mode )
             {