1 files changed, 17 insertions, 11 deletions

diff --git a/lib/cipher.c b/lib/cipher.c
index 9f06c7ccf9..71ea578ee0 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -68,7 +68,7 @@ decrypt_packet_tls13(gnutls_session_t session,
 
 static int
 encrypt_packet_tls13(gnutls_session_t session,
-		     uint8_t *cipher_data, size_t cipher_size,
+		     mbuffer_st *bufel,
 		     gnutls_datum_t *plain,
 		     size_t pad_size,
 		     uint8_t type,
@@ -100,11 +100,8 @@ _gnutls_encrypt(gnutls_session_t session,
 		/* it fills the header, as it is included in the authenticated
 		 * data of the AEAD cipher. */
 		ret =
-		    encrypt_packet_tls13(session,
-					 _mbuffer_get_udata_ptr(bufel),
-					 _mbuffer_get_udata_size(bufel),
-					 &plaintext, min_pad, type,
-					 params);
+		    encrypt_packet_tls13(session, bufel, &plaintext,
+				    	 min_pad, type, params);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 	} else {
@@ -432,13 +429,15 @@ encrypt_packet(gnutls_session_t session,
 
 static int
 encrypt_packet_tls13(gnutls_session_t session,
-		     uint8_t *cipher_data, size_t cipher_size,
+		     mbuffer_st *bufel,
 		     gnutls_datum_t *plain,
 		     size_t pad_size,
 		     uint8_t type,
 		     record_parameters_st *params)
 {
 	int ret;
+	uint8_t *cipher_data = _mbuffer_get_udata_ptr(bufel);
+	size_t cipher_size = _mbuffer_get_udata_size(bufel);
 	unsigned int tag_size = params->write.aead_tag_size;
 	const version_entry_st *ver = get_version(session);
 	uint8_t nonce[MAX_CIPHER_IV_SIZE];
@@ -488,10 +487,17 @@ encrypt_packet_tls13(gnutls_session_t session,
 	}
 
 	/* create authenticated data header */
-	aad[0] = GNUTLS_APPLICATION_DATA;
-	aad[1] = 0x03;
-	aad[2] = 0x03;
-	_gnutls_write_uint16(total+tag_size, &aad[3]);
+	if (session->internals.transport == GNUTLS_STREAM) {
+		aad[0] = GNUTLS_APPLICATION_DATA;
+		aad[1] = 0x03;
+		aad[2] = 0x03;
+		_gnutls_write_uint16(total+tag_size, &aad[3]);
+	} else {
+		/* DTLS1.3 uses header as as (AE)AD */
+		uint8_t *header = _mbuffer_get_uhead_ptr(bufel);
+		_gnutls_write_uint16(total+tag_size, &header[3]); // Set length
+		memcpy(aad, header, 5);
+	}
 
 	auth_iov[0].iov_base = aad;
 	auth_iov[0].iov_len = sizeof(aad);