Revert back checking on handshake messages length
Revert back checking on handshake messages length due to limitation on our fragmentation support of handshake messages. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
parent
05d670b711
commit
26e3698357
4 changed files with 9 additions and 14 deletions
|
@ -917,7 +917,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
|
|||
#endif
|
||||
size_t add_data_len;
|
||||
size_t post_avail;
|
||||
int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
|
||||
|
||||
/* The SSL context is only used for debugging purposes! */
|
||||
#if !defined(MBEDTLS_DEBUG_C)
|
||||
|
@ -958,11 +957,11 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload",
|
||||
data, rec->data_len);
|
||||
|
||||
if (rec->data_len > (size_t) max_out_record_len) {
|
||||
if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET
|
||||
" too large, maximum %" MBEDTLS_PRINTF_SIZET,
|
||||
rec->data_len,
|
||||
(size_t) max_out_record_len));
|
||||
(size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
|
@ -2743,7 +2742,7 @@ int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_t
|
|||
* ...
|
||||
*/
|
||||
*buf = ssl->out_msg + 4;
|
||||
*buf_len = mbedtls_ssl_get_max_out_record_payload(ssl) - 4;
|
||||
*buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
|
||||
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = hs_type;
|
||||
|
@ -2780,7 +2779,6 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const size_t hs_len = ssl->out_msglen - 4;
|
||||
const unsigned char hs_type = ssl->out_msg[0];
|
||||
int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message"));
|
||||
|
||||
|
@ -2819,12 +2817,12 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
|
|||
*
|
||||
* Note: We deliberately do not check for the MTU or MFL here.
|
||||
*/
|
||||
if (ssl->out_msglen > (size_t) max_out_record_len) {
|
||||
if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: "
|
||||
"size %" MBEDTLS_PRINTF_SIZET
|
||||
", maximum %" MBEDTLS_PRINTF_SIZET,
|
||||
ssl->out_msglen,
|
||||
(size_t) max_out_record_len));
|
||||
(size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
|
||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
|
|
|
@ -7004,7 +7004,6 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
|
|||
const mbedtls_x509_crt *crt;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
ssl->handshake->ciphersuite_info;
|
||||
int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
|
||||
|
||||
|
@ -7049,10 +7048,10 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
|
|||
|
||||
while (crt != NULL) {
|
||||
n = crt->raw.len;
|
||||
if (n > max_out_record_len - 3 - i) {
|
||||
if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET
|
||||
" > %" MBEDTLS_PRINTF_SIZET,
|
||||
i + 3 + n, (size_t) max_out_record_len));
|
||||
i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
|
||||
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
|
|
|
@ -1376,14 +1376,13 @@ static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl,
|
|||
int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
|
||||
|
||||
/* Write CCS message */
|
||||
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body(
|
||||
ssl, ssl->out_msg,
|
||||
ssl->out_msg + max_out_record_len,
|
||||
ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
|
||||
&ssl->out_msglen));
|
||||
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
|
||||
|
|
|
@ -4883,8 +4883,7 @@ run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
|
|||
|
||||
# Currently test certificates being used do not fit in 513 record size limit
|
||||
# so 513 record size limit tests will not pass until certificates size
|
||||
# is reduced.
|
||||
# TODO: use smaller certificates in during MbedTLS TLS 1.3 server testing.
|
||||
# is reduced or handshake messages fragmentation is supported.
|
||||
|
||||
# requires_gnutls_tls1_3
|
||||
# requires_gnutls_record_size_limit
|
||||
|
|
Loading…
Reference in a new issue