Refactor record size limit extension handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7a8c759..914eec3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2492,7 +2492,7 @@
needed += 4; /* max_early_data_size */
#endif
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
- needed += 2; /* record_size_limit */
+ needed += 2; /* record_size_limit */
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_HAVE_TIME)
@@ -3420,6 +3420,31 @@
return max_len;
}
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+
+size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
+{
+ const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
+ size_t record_size_limit = max_len;
+
+ if (ssl->session != NULL &&
+ ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
+ ssl->session->record_size_limit < max_len) {
+ record_size_limit = ssl->session->record_size_limit;
+ }
+
+ // TODO: this is currently untested
+ /* During a handshake, use the value being negotiated */
+ if (ssl->session_negotiate != NULL &&
+ ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
+ ssl->session_negotiate->record_size_limit < max_len) {
+ record_size_limit = ssl->session_negotiate->record_size_limit;
+ }
+
+ return record_size_limit;
+}
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
{
size_t max_len;
@@ -3491,6 +3516,21 @@
if (max_len > record_size_limit) {
max_len = record_size_limit;
+ if (ssl->transform_out != NULL &&
+ ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+ /* RFC 8449, section 4:
+ *
+ * This value [record_size_limit] is the length of the plaintext
+ * of a protected record.
+ * The value includes the content type and padding added in TLS 1.3
+ * (that is, the complete length of TLSInnerPlaintext).
+ *
+ * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
+ * and subtract 1 (for the content type that will be added later)
+ */
+ max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
+ }
}
#endif
@@ -3516,7 +3556,8 @@
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
- !defined(MBEDTLS_SSL_PROTO_DTLS)
+ !defined(MBEDTLS_SSL_PROTO_DTLS) && \
+ !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
((void) ssl);
#endif
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 1a246c4..503db58 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2131,6 +2131,19 @@
p += extension_data_len;
}
+ if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) &&
+ (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) {
+ mbedtls_debug_print_msg(ssl,
+ 3,
+ __FILE__,
+ __LINE__,
+ "Record size limit extension cannot be used with max fragment length extension");
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
handshake->received_extensions);
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 7c7aac8..326811a 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1732,43 +1732,6 @@
return 0;
}
-static inline size_t ssl_compute_internal_record_size_limit(size_t record_size_limit)
-{
- /* RFC 8449, section 4:
- *
- * This value [record_size_limit] is the length of the plaintext of a protected record.
- * The value includes the content type and padding added in TLS 1.3 (that is, the complete
- * length of TLSInnerPlaintext).
- *
- * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
- * and subtract 1 (for the content type that will be added later)
- */
- return ((record_size_limit / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
- MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
-}
-
-size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
-{
- const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
- size_t record_size_limit = max_len;
-
- if (ssl->session != NULL &&
- ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
- ssl->session->record_size_limit < max_len) {
- record_size_limit = ssl_compute_internal_record_size_limit(ssl->session->record_size_limit);
- }
-
- // TODO: this is currently untested
- /* During a handshake, use the value being negotiated */
- if (ssl->session_negotiate != NULL &&
- ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
- ssl->session_negotiate->record_size_limit < max_len) {
- record_size_limit = ssl_compute_internal_record_size_limit(
- ssl->session_negotiate->record_size_limit);
- }
-
- return record_size_limit;
-}
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */