From 505089d9440e15d416676a03f53968c0bf50f5ab Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 1 May 2019 09:45:57 +0100
Subject: [PATCH] Fix missing compile-time guards around CID-only constants

---
 library/ssl_tls.c | 24 ++++++++++++++----------
 tests/suites/test_suite_ssl.function | 11 +++++++++++
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2c6a064b6..babe481ac 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1652,14 +1652,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
 #if defined(MBEDTLS_SSL_CID)
     memcpy( add_data + 11, rec->cid, rec->cid_len );
-#endif /* MBEDTLS_SSL_CID */
-
     add_data[11 + rec->cid_len + 0] = ( rec->data_len >> 8 ) & 0xFF;
     add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 0 ) & 0xFF;
-
-#if defined(MBEDTLS_SSL_CID)
     *add_data_len = 13 + rec->cid_len;
-#else
+#else /* MBEDTLS_SSL_CID */
+    add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
+    add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
     *add_data_len = 13;
 #endif /* MBEDTLS_SSL_CID */
 }
@@ -1700,11 +1698,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
-    if( rec == NULL ||
-        rec->buf == NULL ||
-        rec->buf_len < rec->data_offset ||
-        rec->buf_len - rec->data_offset < rec->data_len ||
-        rec->cid_len != 0 )
+    if( rec == NULL
+        || rec->buf == NULL
+        || rec->buf_len < rec->data_offset
+        || rec->buf_len - rec->data_offset < rec->data_len
+#if defined(MBEDTLS_SSL_CID)
+        || rec->cid_len != 0
+#endif
+        )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
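Review bot: In the MBEDTLS_SSL_CID branch the `memcpy( add_data + 11, rec->cid, rec->cid_len )` and the `*add_data_len = 13 + rec->cid_len` report write `rec->cid_len` bytes past the fixed 13-byte header, and nothing in this hunk bounds that against the caller's `add_data` buffer; the function's start, and any length parameter it may take, is outside the hunk, so if the buffer size is an implicit contract it belongs at the top of the function, e.g. `/* add_data must hold at least 13 + rec->cid_len bytes (13 without MBEDTLS_SSL_CID); rec->cid_len is assumed bounded by the caller. */`. The offsets 11 and 13 are now repeated verbatim in both branches; a single named constant for the fixed header length would keep the two from drifting apart when one is edited.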
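Review bot: The `#endif` that closes the new guard inside the `if` condition has no trailing `/* MBEDTLS_SSL_CID */` comment, unlike every other guard this patch adds, including the one in ssl_extract_add_data_from_record a few lines earlier in the same file; for consistency it should read `#endif /* MBEDTLS_SSL_CID */`. The reordered check itself looks right: `rec->buf_len < rec->data_offset` is tested before the subtraction, so (assuming these are unsigned sizes) the difference cannot wrap before it is compared with `rec->data_len`. mbedtls_ssl_encrypt_buf continues outside the hunk.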
@@ -3727,7 +3728,10 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
                                   ssl->conf->transport, rec.ver );
     rec.type = ssl->out_msgtype;
+#if defined(MBEDTLS_SSL_CID)
+    /* The CID is set by mbedtls_ssl_encrypt_buf(). */
     rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_CID */
     if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
                                          ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a022c42cf..a1a7a303a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -38,11 +38,16 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
     unsigned char *key0 = NULL, *key1 = NULL;
     unsigned char iv_enc[16], iv_dec[16];
+#if defined(MBEDTLS_SSL_CID)
     unsigned char cid0[ SSL_CID_LEN_MIN ];
     unsigned char cid1[ SSL_CID_LEN_MIN ];
     rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
     rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
+#else
+    ((void) cid0_len);
+    ((void) cid1_len);
+#endif /* MBEDTLS_SSL_CID */
     maclen = 0;
@@ -241,6 +246,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
     memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
     memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
+#if defined(MBEDTLS_SSL_CID)
     /* Add CID */
     memcpy( &t_in->in_cid, cid0, cid0_len );
     memcpy( &t_in->out_cid, cid1, cid1_len );
@@ -250,6 +256,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
     memcpy( &t_out->out_cid, cid0, cid0_len );
     t_out->in_cid_len = cid1_len;
     t_out->out_cid_len = cid0_len;
+#endif /* MBEDTLS_SSL_CID */
 cleanup:
@@ -372,7 +379,9 @@ void ssl_crypt_record( int cipher_type, int hash_id,
     rec.type = 42;
     rec.ver[0] = num_records;
     rec.ver[1] = num_records;
+#if defined(MBEDTLS_SSL_CID)
     rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_CID */
     rec.buf = buf;
     rec.buf_len = buflen;
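Review bot: The new comment `/* The CID is set by mbedtls_ssl_encrypt_buf(). */` says who fills the field in but not why it has to be zero at this point; the mbedtls_ssl_encrypt_buf hunk earlier in this patch rejects a record with `rec->cid_len != 0` as MBEDTLS_ERR_SSL_INTERNAL_ERROR, and that constraint is the actual reason for the assignment. Stating it makes the coupling visible to the next person who touches either side: `/* Must be 0 on entry: mbedtls_ssl_encrypt_buf() rejects a pre-set CID and fills it in itself. */`. mbedtls_ssl_write_record starts and ends outside the hunk.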
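Review bot: Under MBEDTLS_SSL_CID, `cid0` and `cid1` are `SSL_CID_LEN_MIN` bytes, but the memcpy calls later in this function (`memcpy( &t_in->in_cid, cid0, cid0_len )` and its siblings in the following hunk) copy `cid0_len` and `cid1_len` bytes out of them, and nothing visible in the hunk checks those parameters against the array sizes, so a test case passing a length above SSL_CID_LEN_MIN would read past the stack buffers. A guard next to the declarations would close that: `if( cid0_len > sizeof( cid0 ) || cid1_len > sizeof( cid1 ) ) goto cleanup;`, with the failure return value set in whatever way the function's cleanup path expects (not visible here). The `((void) cid0_len)` casts in the `#else` branch are fine as the only remaining use of those parameters. build_transforms starts and ends outside the hunk.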
@@ -490,7 +499,9 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
     rec.ver[1] = offset;
     rec.buf = buf;
     rec.buf_len = buflen;
+#if defined(MBEDTLS_SSL_CID)
     rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_CID */
     switch( mode )
     {
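Review bot: The guarded `#if defined(MBEDTLS_SSL_CID)` / `rec.cid_len = 0;` / `#endif` triple now appears three times in this patch (mbedtls_ssl_write_record, ssl_crypt_record and here), and the two test functions already differ in where it sits relative to `rec.buf` and `rec.buf_len`; a small static helper in the test file that takes a pointer to the record struct and holds the `#if`/`#endif` once would keep the copies from drifting as more CID fields are added. The struct's type name is not visible in the hunk, so the helper's parameter type has to be taken from the declaration of `rec`. ssl_crypt_record_small continues outside the hunk.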