From 4c3eb7c9191d53da0162a96d1e08fe52fa0f8adb Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 8 May 2019 16:43:21 +0100
Subject: [PATCH] Set CID pointer to default value even for TLS There are two options: 1. Don't set it, and don't use it during record protection, guarding the respective paths by a check whether TLS or DTLS is used. 2. Set it to the default value even for TLS, and avoid the protocol-dependent branch during record protection. This commit picks option 2.
---
 library/ssl_tls.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 43fa449a2..7e7d5a0b4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8082,6 +8082,9 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
 {
 ssl->out_ctr = ssl->out_hdr - 8;
 ssl->out_len = ssl->out_hdr + 3;
+#if defined(MBEDTLS_SSL_CID)
+ ssl->out_cid = ssl->out_len;
+#endif
 ssl->out_iv = ssl->out_hdr + 5;
 }
@@ -8136,6 +8139,9 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
 {
 ssl->in_ctr = ssl->in_hdr - 8;
 ssl->in_len = ssl->in_hdr + 3;
+#if defined(MBEDTLS_SSL_CID)
+ ssl->in_cid = ssl->in_len;
+#endif
 ssl->in_iv = ssl->in_hdr + 5;
 }
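Review bot: The new `ssl->out_cid = ssl->out_len;` in the ssl_update_out_pointers hunk makes the CID pointer alias the record length field, and nothing at the assignment says that this is only safe while the CID length is zero. A later change that reads or writes a non-empty CID through this pointer on a TLS connection would touch the length bytes, so I would put a comment on the assignment, for example `/* TLS has no CID: out_cid aliases out_len and must only be used with a zero-length CID. */`. The same applies to `ssl->in_cid = ssl->in_len;` in the ssl_update_in_pointers hunk. Whether the record protection path enforces a zero CID length for TLS is not visible in this patch and is worth confirming. Both function bodies start and end outside their hunks.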