Remove the MBEDTLS_SSL_RECORD_CHECKING option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/ChangeLog.d/issue4361.txt b/ChangeLog.d/issue4361.txt
new file mode 100644
index 0000000..670c8a6
--- /dev/null
+++ b/ChangeLog.d/issue4361.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove the MBEDTLS_SSL_RECORD_CHECKING option. Fixes #4361.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 603d985..aa69848 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1468,20 +1468,6 @@
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
- * \def MBEDTLS_SSL_RECORD_CHECKING
- *
- * Enable the function mbedtls_ssl_check_record() which can be used to check
- * the validity and authenticity of an incoming record, to verify that it has
- * not been seen before. These checks are performed without modifying the
- * externally visible state of the SSL context.
- *
- * See mbedtls_ssl_check_record() for more information.
- *
- * Uncomment to enable support for record checking.
- */
-#define MBEDTLS_SSL_RECORD_CHECKING
-
-/**
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID
*
* Enable support for the DTLS Connection ID extension
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 40814e6..a47631c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1795,7 +1795,6 @@
*/
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
/**
* \brief Check whether a buffer contains a valid and authentic record
* that has not been seen before. (DTLS only).
@@ -1843,7 +1842,6 @@
int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
unsigned char *buf,
size_t buflen );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
/**
* \brief Set the timer callbacks (Mandatory for DTLS.)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 3956a67..c2fcdcb 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -86,7 +86,6 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
unsigned char *buf,
size_t len,
@@ -150,7 +149,6 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
return( ret );
}
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
#define SSL_DONT_FORCE_FLUSH 0
#define SSL_FORCE_FLUSH 1
diff --git a/library/version_features.c b/library/version_features.c
index d2de895..b42fb29 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -468,9 +468,6 @@
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
- "MBEDTLS_SSL_RECORD_CHECKING",
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
"MBEDTLS_SSL_DTLS_CONNECTION_ID",
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 73457a1..fd7eacf 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -159,7 +159,6 @@
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
int ssl_check_record( mbedtls_ssl_context const *ssl,
unsigned char const *buf, size_t len )
{
@@ -220,7 +219,6 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
int recv_cb( void *ctx, unsigned char *buf, size_t len )
{
@@ -241,10 +239,8 @@
/* Here's the place to do any datagram/record checking
* in between receiving the packet from the underlying
* transport and passing it on to the TLS stack. */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
return( -1 );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
}
return( (int) recv_len );
@@ -267,10 +263,8 @@
/* Here's the place to do any datagram/record checking
* in between receiving the packet from the underlying
* transport and passing it on to the TLS stack. */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
return( -1 );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
}
return( (int) recv_len );
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index 450e2fb..cf7b303 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -1299,14 +1299,6 @@
}
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
- if( strcmp( "MBEDTLS_SSL_RECORD_CHECKING", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RECORD_CHECKING );
- return( 0 );
- }
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 )
{