From 0ca15967d16305456499c5f203b7c200ae3351ef Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 4 Oct 2017 13:56:42 +0100
Subject: [PATCH] Don't allocate space for DTLS header if DTLS is disabled

---
 include/mbedtls/ssl_internal.h | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 4d03c9213..2d99d4018 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -154,11 +154,17 @@
 #error Bad configuration - protected record payload too large.
 #endif
 
-#define MBEDTLS_SSL_BUFFER_LEN  ( MBEDTLS_SSL_PAYLOAD_LEN        \
-                        + 5 /* TLS record header      */         \
-                        + 8 /* Additional DTLS fields */         \
-                        )
+#if !defined(MBEDTLS_SSL_PROTO_DTLS)
+/* https://tools.ietf.org/html/rfc5246#section-6.2 */
+#define MBEDTLS_SSL_HEADER_LEN 5
+#else
+/* https://tools.ietf.org/html/rfc6347#section-4.1  */
+/* 8 additional bytes for epoch and sequence number */
+#define MBEDTLS_SSL_HEADER_LEN 13
+#endif
 
+#define MBEDTLS_SSL_BUFFER_LEN  \
+    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )
 
 /*
  * TLS extension flags (for extensions with outgoing ServerHello content