yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Changes from 2nd review

Browse source 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
This commit is contained in:
Jan Bruckner 2023-03-15 14:15:11 +01:00
parent a0589e75a0
commit 1a38e54436
3 changed files with 12 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_tls13_client.c
View file

@ -2179,8 +2179,8 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, p + extension_data_len); ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, p + extension_data_len);
// Return unconditionally here until we handle the record size limit correctly. /* TODO: Return unconditionally here until we handle the record size limit correctly.
// Once handled correctly, only return in case of errors. * Once handled correctly, only return in case of errors. */
return ret; return ret;
break; break;

14
library/ssl_tls13_generic.c
View file

@ -1568,7 +1568,8 @@ int mbedtls_ssl_tls13_check_received_extension(
} }
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
/* From RFC 8449: /* RFC 8449, section 4:
*
* The ExtensionData of the "record_size_limit" extension is * The ExtensionData of the "record_size_limit" extension is
* RecordSizeLimit: * RecordSizeLimit:
* uint16 RecordSizeLimit; * uint16 RecordSizeLimit;
@ -1578,10 +1579,14 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end) const unsigned char *end)
{ {
const unsigned char *p = buf;
uint16_t record_size_limit;
const size_t extension_data_len = end - buf; const size_t extension_data_len = end - buf;
if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) { if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
MBEDTLS_SSL_DEBUG_MSG(2, MBEDTLS_SSL_DEBUG_MSG(2,
("record_size_limit extension has invalid length: %zu Bytes", ("record_size_limit extension has invalid length: %"
MBEDTLS_PRINTF_SIZET " Bytes",
extension_data_len)); extension_data_len));
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_PEND_FATAL_ALERT(
@ -1590,15 +1595,12 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
} }
const unsigned char *p = buf;
uint16_t record_size_limit;
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0);
MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit));
/* RFC 8449 section 4 /* RFC 8449, section 4
* *
* Endpoints MUST NOT send a "record_size_limit" extension with a value * Endpoints MUST NOT send a "record_size_limit" extension with a value
* smaller than 64. An endpoint MUST treat receipt of a smaller value * smaller than 64. An endpoint MUST treat receipt of a smaller value

4
library/ssl_tls13_server.c
View file

@ -1591,8 +1591,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end); ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end);
// Return unconditionally here until we handle the record size limit correctly. /* TODO: Return unconditionally here until we handle the record size limit correctly.
// Once handled correctly, only return in case of errors. * Once handled correctly, only return in case of errors. */
return ret; return ret;
break; break;