commit e1ac98d8887872ccc8a5034a5e237f74965f3a47
author Waleed Elmelegy <waleed.elmelegy@arm.com> Fri Jan 05 18:10:12 2024 +0000
committer Waleed Elmelegy <waleed.elmelegy@arm.com> Wed Jan 10 16:17:27 2024 +0000
tree 530019fdcd0e7bc2c5ce95d1051af77c158e31da
parent d2fc90e024b055e023c412fac6a1377229396eff

remove mbedtls_ssl_is_record_size_limit_valid function

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index ad2b7f6..0afedbc 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1698,26 +1698,6 @@
 }
 
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
-/* RFC 8449, section 4:
- *
- * Endpoints MUST NOT send a "record_size_limit" extension with a value
- * smaller than 64.  An endpoint MUST treat receipt of a smaller value
- * as a fatal error and generate an "illegal_parameter" alert.
- */
-static int mbedtls_ssl_is_record_size_limit_valid(mbedtls_ssl_context *ssl,
-                                                  uint16_t record_size_limit)
-{
-    if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes",
-                                  record_size_limit));
-        MBEDTLS_SSL_PEND_FATAL_ALERT(
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
-    }
-
-    return 0;
-}
 
 /* RFC 8449, section 4:
  *
@@ -1730,7 +1710,6 @@
                                                   const unsigned char *buf,
                                                   const unsigned char *end)
 {
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
     uint16_t record_size_limit;
     const size_t extension_data_len = end - buf;
@@ -1753,9 +1732,19 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit));
 
-    ret = mbedtls_ssl_is_record_size_limit_valid(ssl, record_size_limit);
-    if (ret != 0) {
-        return ret;
+    /* RFC 8449, section 4:
+     *
+     * Endpoints MUST NOT send a "record_size_limit" extension with a value
+     * smaller than 64.  An endpoint MUST treat receipt of a smaller value
+     * as a fatal error and generate an "illegal_parameter" alert.
+     */
+    if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes",
+                                  record_size_limit));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(
+            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     ssl->session_negotiate->record_size_limit = record_size_limit;
@@ -1773,17 +1762,20 @@
     *out_len = 0;
 
     MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN,
-                          "MBEDTLS_SSL_IN_CONTENT_LEN is less than the minimum record size limit");
+                          "MBEDTLS_SSL_IN_CONTENT_LEN is less than the "
+                          "minimum record size limit");
 
     MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
 
     MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0);
-    MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, p, 2);
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH,
+                          p, 2);
     MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4);
 
     *out_len = 6;
 
-    MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes", MBEDTLS_SSL_IN_CONTENT_LEN));
+    MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %u Bytes",
+                              MBEDTLS_SSL_IN_CONTENT_LEN));
 
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT);