Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4cdd87e..ccf382e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -107,6 +107,7 @@
#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25
#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26
#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27
+#define MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT 28
/* Utility for translating IANA extension type. */
uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type);
@@ -167,6 +168,7 @@
MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \
MBEDTLS_SSL_EXT_MASK(POST_HANDSHAKE_AUTH) | \
MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \
+ MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT) | \
MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */
@@ -179,7 +181,8 @@
MBEDTLS_SSL_EXT_MASK(ALPN) | \
MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \
MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \
- MBEDTLS_SSL_EXT_MASK(EARLY_DATA))
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \
+ MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT))
/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \
@@ -2662,6 +2665,13 @@
const unsigned char *end);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end);
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5d8a761..e96ce06 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -593,6 +593,9 @@
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
return MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET;
+ case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
+ return MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT;
+
case MBEDTLS_TLS_EXT_SESSION_TICKET:
return MBEDTLS_SSL_EXT_ID_SESSION_TICKET;
@@ -635,7 +638,8 @@
[MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats",
[MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac",
[MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret",
- [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket"
+ [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket",
+ [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit"
};
static unsigned int extension_type_table[] = {
@@ -666,7 +670,8 @@
[MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS,
[MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC,
[MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET,
- [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET
+ [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET,
+ [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT
};
const char *mbedtls_ssl_get_extension_name(unsigned int extension_type)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 8697c53..17c1bae 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2173,6 +2173,17 @@
break;
#endif /* MBEDTLS_SSL_EARLY_DATA */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension"));
+
+ ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, p + extension_data_len);
+
+ return ret;
+
+ break;
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
default:
MBEDTLS_SSL_PRINT_EXT(
3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 512656e..0e7aa3a 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1567,4 +1567,59 @@
return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
}
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+/* From RFC 8449:
+ * The ExtensionData of the "record_size_limit" extension is
+ * RecordSizeLimit:
+ * uint16 RecordSizeLimit;
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end)
+{
+ const ptrdiff_t extension_data_len = end - buf;
+ if (extension_data_len != 2) {
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ ("record_size_limit extension has invalid length: %td Bytes",
+ extension_data_len));
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
+ const unsigned char *p = buf;
+ uint16_t record_size_limit;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+ record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0);
+
+ MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit));
+
+ /* RFC 8449 section 4
+ *
+ * Endpoints MUST NOT send a "record_size_limit" extension with a value
+ * smaller than 64. An endpoint MUST treat receipt of a smaller value
+ * as a fatal error and generate an "illegal_parameter" alert.
+ */
+ if (record_size_limit < 64) {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG(2,
+ (
+ "record_size_limit extension is still in development. Aborting handshake."));
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
+ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION);
+ return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
+}
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6b1c4c5..de60a7a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1585,6 +1585,17 @@
break;
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
+ MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension"));
+
+ ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end);
+
+ return ret;
+
+ break;
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
default:
MBEDTLS_SSL_PRINT_EXT(
3, MBEDTLS_SSL_HS_CLIENT_HELLO,