ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 00:49:04 +08:00
Code Issues Releases Wiki Activity

Refactor and improve Record size limit handling

Browse Source 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy 2023-12-28 17:48:16 +00:00
parent 65e3046e18
commit 6a971fd61a
2 changed files with 44 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
library/ssl_tls.c
View File

@ -3387,6 +3387,31 @@ const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl)
}
}
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
{
const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t record_size_limit = max_len;
if (ssl->session != NULL &&
ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session->record_size_limit < max_len) {
record_size_limit = ssl->session->record_size_limit;
}
// TODO: this is currently untested
/* During a handshake, use the value being negotiated */
if (ssl->session_negotiate != NULL &&
ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session_negotiate->record_size_limit < max_len) {
record_size_limit = ssl->session_negotiate->record_size_limit;
}
return record_size_limit;
}
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl)
{
@ -3420,31 +3445,6 @@ size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl)
return max_len;
}
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
{
const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t record_size_limit = max_len;
if (ssl->session != NULL &&
ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session->record_size_limit < max_len) {
record_size_limit = ssl->session->record_size_limit;
}
// TODO: this is currently untested
/* During a handshake, use the value being negotiated */
if (ssl->session_negotiate != NULL &&
ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session_negotiate->record_size_limit < max_len) {
record_size_limit = ssl->session_negotiate->record_size_limit;
}
return record_size_limit;
}
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
{
size_t max_len;
@ -3516,6 +3516,9 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
if (max_len > record_size_limit) {
max_len = record_size_limit;
}
#endif
if (ssl->transform_out != NULL &&
ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
/* RFC 8449, section 4:
@ -3531,8 +3534,6 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
}
}
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (mbedtls_ssl_get_current_mtu(ssl) != 0) {

8
library/ssl_tls13_client.c
View File

@ -2133,11 +2133,9 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) &&
(handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) {
mbedtls_debug_print_msg(ssl,
3,
__FILE__,
__LINE__,
"Record size limit extension cannot be used with max fragment length extension");
MBEDTLS_SSL_DEBUG_MSG(3,
(
"Record size limit extension cannot be used with max fragment length extension"));
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);