From 3850e6b554d223f83acf499f830a1b64d8c665b6 Mon Sep 17 00:00:00 2001
From: Marco Oliverio <marco@wolfssl.com>
Date: Wed, 20 Jul 2022 14:51:49 +0200
Subject: [PATCH] fix: dtls13: use aes for record numbers encryption if using
 aes-ccm

---
 src/dtls13.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/dtls13.c b/src/dtls13.c
index ee45034cb..e31d2c699 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -269,14 +269,15 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
     else
         c = &ssl->dtlsRecordNumberDecrypt;
 
-#ifdef HAVE_AESGCM
-    if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm ||
+        ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm) {
 
         if (c->aes == NULL)
             return BAD_STATE_E;
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
     }
-#endif /* HAVE_AESGCM */
+#endif /* HAVE_AESGCM || HAVE_AESCCM */
 
 #ifdef HAVE_CHACHA
     if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) {