Revert back checking on handshake messages length
Revert the length check on handshake messages to its previous
form, due to the limitations of our fragmentation support for
handshake messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 29518c3..6579c96 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -917,7 +917,6 @@
#endif
size_t add_data_len;
size_t post_avail;
- int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
/* The SSL context is only used for debugging purposes! */
#if !defined(MBEDTLS_DEBUG_C)
@@ -958,11 +957,11 @@
MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload",
data, rec->data_len);
- if (rec->data_len > (size_t) max_out_record_len) {
+ if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET
" too large, maximum %" MBEDTLS_PRINTF_SIZET,
rec->data_len,
- (size_t) max_out_record_len));
+ (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
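Review bot: The restored check `rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN` bounds the record only by the compile-time output buffer size, so any smaller limit that `mbedtls_ssl_get_max_out_record_payload()` would have returned is no longer applied here, and nothing in the code says this is intentional. The later handshake-write hunk carries the comment "We deliberately do not check for the MTU or MFL here", but this check and the `*buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;` assignment in the hunk at -2743 have no equivalent. I would add above the `if` a comment such as `/* Buffer-capacity bound only: negotiated limits are not applied here because handshake messages cannot be fragmented. */`. The enclosing function starts and ends outside the hunk, so whether another layer enforces the negotiated limit for other record types is not visible from here.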
@@ -2743,7 +2742,7 @@
* ...
*/
*buf = ssl->out_msg + 4;
- *buf_len = mbedtls_ssl_get_max_out_record_payload(ssl) - 4;
+ *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = hs_type;
@@ -2780,7 +2779,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const size_t hs_len = ssl->out_msglen - 4;
const unsigned char hs_type = ssl->out_msg[0];
- int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message"));
@@ -2819,12 +2817,12 @@
*
* Note: We deliberately do not check for the MTU or MFL here.
*/
- if (ssl->out_msglen > (size_t) max_out_record_len) {
+ if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: "
"size %" MBEDTLS_PRINTF_SIZET
", maximum %" MBEDTLS_PRINTF_SIZET,
ssl->out_msglen,
- (size_t) max_out_record_len));
+ (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 419185c..7a8c759 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7004,7 +7004,6 @@
const mbedtls_x509_crt *crt;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
- int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
@@ -7049,10 +7048,10 @@
while (crt != NULL) {
n = crt->raw.len;
- if (n > max_out_record_len - 3 - i) {
+ if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) {
MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET
" > %" MBEDTLS_PRINTF_SIZET,
- i + 3 + n, (size_t) max_out_record_len));
+ i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
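Review bot: The bound `MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i` in the restored `if` is evaluated before the comparison. If `i` is a `size_t` (the `MBEDTLS_PRINTF_SIZET` format used for `i + 3 + n` suggests it is), the bound wraps to a very large value once `i` exceeds `MBEDTLS_SSL_OUT_CONTENT_LEN - 3`, and the check then passes for any `n`. Whether `i` can get that close to the limit depends on how the loop advances it, which is outside the hunk. A form that cannot wrap is `if (i > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 || n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) {`. The loop body continues past the end of the hunk.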
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2375021..7c7aac8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1376,14 +1376,13 @@
int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
/* Write CCS message */
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body(
ssl, ssl->out_msg,
- ssl->out_msg + max_out_record_len,
+ ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
&ssl->out_msglen));
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;