remove mbedtls_ssl_is_record_size_limit_valid function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
parent
d2fc90e024
commit
e1ac98d888
1 changed files with 19 additions and 27 deletions
|
@ -1698,26 +1698,6 @@ int mbedtls_ssl_tls13_check_received_extension(
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
|
||||
/* RFC 8449, section 4:
|
||||
*
|
||||
* Endpoints MUST NOT send a "record_size_limit" extension with a value
|
||||
* smaller than 64. An endpoint MUST treat receipt of a smaller value
|
||||
* as a fatal error and generate an "illegal_parameter" alert.
|
||||
*/
|
||||
static int mbedtls_ssl_is_record_size_limit_valid(mbedtls_ssl_context *ssl,
|
||||
uint16_t record_size_limit)
|
||||
{
|
||||
if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes",
|
||||
record_size_limit));
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* RFC 8449, section 4:
|
||||
*
|
||||
|
@ -1730,7 +1710,6 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
|
|||
const unsigned char *buf,
|
||||
const unsigned char *end)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const unsigned char *p = buf;
|
||||
uint16_t record_size_limit;
|
||||
const size_t extension_data_len = end - buf;
|
||||
|
@ -1753,9 +1732,19 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit));
|
||||
|
||||
ret = mbedtls_ssl_is_record_size_limit_valid(ssl, record_size_limit);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
/* RFC 8449, section 4:
|
||||
*
|
||||
* Endpoints MUST NOT send a "record_size_limit" extension with a value
|
||||
* smaller than 64. An endpoint MUST treat receipt of a smaller value
|
||||
* as a fatal error and generate an "illegal_parameter" alert.
|
||||
*/
|
||||
if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes",
|
||||
record_size_limit));
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
|
||||
ssl->session_negotiate->record_size_limit = record_size_limit;
|
||||
|
@ -1773,17 +1762,20 @@ int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl,
|
|||
*out_len = 0;
|
||||
|
||||
MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN,
|
||||
"MBEDTLS_SSL_IN_CONTENT_LEN is less than the minimum record size limit");
|
||||
"MBEDTLS_SSL_IN_CONTENT_LEN is less than the "
|
||||
"minimum record size limit");
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0);
|
||||
MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, p, 2);
|
||||
MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH,
|
||||
p, 2);
|
||||
MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4);
|
||||
|
||||
*out_len = 6;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", MBEDTLS_SSL_IN_CONTENT_LEN));
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes",
|
||||
MBEDTLS_SSL_IN_CONTENT_LEN));
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT);
|
||||
|
||||
|
|
Loading…
Reference in a new issue