Refactor record size limit extension handling

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-07-28 00:21:48 +03:00 · 2023-12-20 17:28:31 +00:00
parent 26e3698357
commit 049cd302ed
6 changed files with 65 additions and 40 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -2131,6 +2131,19 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
        p += extension_data_len;
    }

+    if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) &&
+        (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) {
+        mbedtls_debug_print_msg(ssl,
+                                3,
+                                __FILE__,
+                                __LINE__,
+                                "Record size limit extension cannot be used with max fragment length extension");
+        MBEDTLS_SSL_PEND_FATAL_ALERT(
+            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+    }
+
    MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
                           handshake->received_extensions);