[nrf fromlist] Adjusting the length of additional data.

Upstream PR: Mbed-TLS/mbedtls#5061 Jira: NCSDK-16493 Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
plskeggs · Aug 17, 2022 · 07a4aee · 07a4aee
1 parent 79d2a1d
commit 07a4aee
Showing 1 changed file with 21 additions and 6 deletions.
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
@@ -382,6 +382,12 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
  *
  * 1) CID functionality disabled
  *
+ * additional_data =
+ *    8:                    seq_num +
+ *    1:                       type +
+ *    2:                    version +
+ *    2:  length of inner plaintext +
+ *
  * size = 13 bytes
  *
  * 2) CID functionality based on RFC 9146 enabled
@@ -401,7 +407,7 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
  * size of the additional data structure is calculated as:
  *
  * additional_data =
- *    8: seq_num +
+ *    8:                    seq_num +
  *    1:                  tls12_cid +
  *    2:     DTLSCipherText.version +
  *    n:                        cid +
@@ -425,7 +431,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
 static void ssl_extract_add_data_from_record( unsigned char* add_data,
                                               size_t *add_data_len,
                                               mbedtls_record *rec,
-                                              unsigned minor_ver,
+                                              mbedtls_ssl_protocol_version
+                                              tls_version,
                                               size_t taglen )
 {
     /* Several types of ciphers have been defined for use with TLS and DTLS,
@@ -542,7 +549,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
 
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-        
+
 #if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
         if( rec->cid_len != 0 )
         {
@@ -687,10 +694,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
     mbedtls_cipher_mode_t mode;
     int auth_done = 0;
     unsigned char * data;
+    /* For an explanation of the additional data length see
+    * the descrpition of ssl_extract_add_data_from_record().
+    */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     unsigned char add_data[23 + MBEDTLS_SSL_CID_OUT_LEN_MAX];
-#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_LEGACY)
-   unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX];
 #else
     unsigned char add_data[13];
 #endif
@@ -1165,7 +1173,14 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
     size_t padlen = 0, correct = 1;
 #endif
     unsigned char* data;
-    unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
+    /* For an explanation of the additional data length see
+    * the descrpition of ssl_extract_add_data_from_record().
+    */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    unsigned char add_data[23 + MBEDTLS_SSL_CID_IN_LEN_MAX];
+#else
+    unsigned char add_data[13];
+#endif
     size_t add_data_len;
 
 #if !defined(MBEDTLS_DEBUG_C)