mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 19:21:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Refactor record size limit extension handling

Browse Source 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy 2023-12-20 17:28:31 +00:00
parent 26e3698357
commit 049cd302ed
6 changed files with 65 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ssl.h
View File

@ -1188,7 +1188,7 @@ struct mbedtls_ssl_session {
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
/*!< RecordSizeLimit received by peer */ /*!< RecordSizeLimit received from the peer */
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
uint16_t MBEDTLS_PRIVATE(record_size_limit); uint16_t MBEDTLS_PRIVATE(record_size_limit);
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */

45
library/ssl_tls.c
View File

@ -2492,7 +2492,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
needed += 4; /* max_early_data_size */ needed += 4; /* max_early_data_size */
#endif #endif
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
needed += 2; /* record_size_limit */ needed += 2; /* record_size_limit */
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
@ -3420,6 +3420,31 @@ size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl)
return max_len; return max_len;
} }
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
{
const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t record_size_limit = max_len;
if (ssl->session != NULL &&
ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session->record_size_limit < max_len) {
record_size_limit = ssl->session->record_size_limit;
}
// TODO: this is currently untested
/* During a handshake, use the value being negotiated */
if (ssl->session_negotiate != NULL &&
ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session_negotiate->record_size_limit < max_len) {
record_size_limit = ssl->session_negotiate->record_size_limit;
}
return record_size_limit;
}
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
{ {
size_t max_len; size_t max_len;
@ -3491,6 +3516,21 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
if (max_len > record_size_limit) { if (max_len > record_size_limit) {
max_len = record_size_limit; max_len = record_size_limit;
if (ssl->transform_out != NULL &&
ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
/* RFC 8449, section 4:
*
* This value [record_size_limit] is the length of the plaintext
* of a protected record.
* The value includes the content type and padding added in TLS 1.3
* (that is, the complete length of TLSInnerPlaintext).
*
* Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
* and subtract 1 (for the content type that will be added later)
*/
max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
}
} }
#endif #endif
@ -3516,7 +3556,8 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
!defined(MBEDTLS_SSL_PROTO_DTLS) !defined(MBEDTLS_SSL_PROTO_DTLS) && \
!defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
((void) ssl); ((void) ssl);
#endif #endif

13
library/ssl_tls13_client.c
View File

@ -2131,6 +2131,19 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
p += extension_data_len; p += extension_data_len;
} }
if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) &&
(handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) {
mbedtls_debug_print_msg(ssl,
3,
__FILE__,
__LINE__,
"Record size limit extension cannot be used with max fragment length extension");
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
handshake->received_extensions); handshake->received_extensions);

37
library/ssl_tls13_generic.c
View File

@ -1732,43 +1732,6 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
return 0; return 0;
} }
static inline size_t ssl_compute_internal_record_size_limit(size_t record_size_limit)
{
/* RFC 8449, section 4:
*
* This value [record_size_limit] is the length of the plaintext of a protected record.
* The value includes the content type and padding added in TLS 1.3 (that is, the complete
* length of TLSInnerPlaintext).
*
* Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
* and subtract 1 (for the content type that will be added later)
*/
return ((record_size_limit / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
}
size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
{
const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t record_size_limit = max_len;
if (ssl->session != NULL &&
ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session->record_size_limit < max_len) {
record_size_limit = ssl_compute_internal_record_size_limit(ssl->session->record_size_limit);
}
// TODO: this is currently untested
/* During a handshake, use the value being negotiated */
if (ssl->session_negotiate != NULL &&
ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
ssl->session_negotiate->record_size_limit < max_len) {
record_size_limit = ssl_compute_internal_record_size_limit(
ssl->session_negotiate->record_size_limit);
}
return record_size_limit;
}
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */

4
tests/src/test_helpers/ssl_helpers.c
View File

@ -1776,6 +1776,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
} }
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
session->record_size_limit = 2048;
#endif
return 0; return 0;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

4
tests/suites/test_suite_ssl.function
View File

@ -2096,6 +2096,10 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file,
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
TEST_ASSERT(original.record_size_limit == restored.record_size_limit);
#endif
exit: exit:
mbedtls_ssl_session_free(&original); mbedtls_ssl_session_free(&original);
mbedtls_ssl_session_free(&restored); mbedtls_ssl_session_free(&restored);