From 9231340d7176e5f10db6b92b810d66394301b56e Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 20 May 2020 13:58:58 +0100
Subject: [PATCH] Improve documentation of (D)TLSInnerPlaintext handling

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ssl_msg.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index e739e2fb6..6151cbd80 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -578,16 +578,21 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
+    /* The following two code paths implement the (D)TLSInnerPlaintext
+     * structure present in TLS 1.3 and DTLS 1.2 + CID.
+     *
+     * See ssl_build_inner_plaintext() for more information.
+     *
+     * Note that this changes `rec->data_len`, and hence
+     * `post_avail` needs to be recalculated afterwards.
+     *
+     * Note also that the two code paths cannot occur simultaneously
+     * since they apply to different versions of the protocol. There
+     * is hence no risk of double-addition of the inner plaintext.
+     */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
     if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
     {
-        /*
-         * Wrap plaintext into TLSInnerPlaintext structure.
-         * See ssl_build_inner_plaintext() for more information.
-         *
-         * Note that this changes `rec->data_len`, and hence
-         * `post_avail` needs to be recalculated afterwards.
-         */
         if( ssl_build_inner_plaintext( data,
                         &rec->data_len,
                         post_avail,