Re-enable CID comparison when decrypting CID-based records

This commit is contained in:
Hanno Becker 2019-05-08 13:02:22 +01:00
parent 8b09b73cb1
commit abd7c89923

View file

@ -2151,17 +2151,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
* Match record's CID with incoming CID. * Match record's CID with incoming CID.
*/ */
/* Uncomment this once CID parsing is in place */ if( rec->cid_len != transform->in_cid_len ||
/* if( rec->cid_len != transform->in_cid_len || */ memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
/* memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) */ {
/* { */ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
/* return( MBEDTLS_ERR_SSL_INVALID_RECORD ); */ }
/* } */
/* Remove this once CID parsing is in place */
rec->cid_len = transform->in_cid_len;
memcpy( rec->cid, transform->in_cid, transform->in_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
#endif /* MBEDTLS_SSL_CID */ #endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)