tls13: Add function to search for a supported_versions extension

Move in a dedicated function the search for the supported_versions extension in a list of extensions, to be able to use it on server side as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-12-24 17:41:01 +03:00 · 2023-02-08 17:38:29 +01:00
parent f95d169d60
commit 47dce630f4
3 changed files with 86 additions and 41 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1324,8 +1324,8 @@ static int ssl_tls13_is_supported_versions_ext_present(
 {
    const unsigned char *p = buf;
    size_t legacy_session_id_echo_len;
-    size_t extensions_len;
-    const unsigned char *extensions_end;
+    const unsigned char *supported_versions_ext;
+    const unsigned char *supported_versions_ext_end;

    /*
     * Check there is enough data to access the legacy_session_id_echo vector
@@ -1347,45 +1347,9 @@ static int ssl_tls13_is_supported_versions_ext_present(
    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len + 4);
    p += legacy_session_id_echo_len + 4;

-    /* Case of no extension */
-    if (p == end) {
-        return 0;
-    }
-
-    /* ...
-     * Extension extensions<6..2^16-1>;
-     * ...
-     * struct {
-     *      ExtensionType extension_type; (2 bytes)
-     *      opaque extension_data<0..2^16-1>;
-     * } Extension;
-     */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
-    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
-    p += 2;
-
-    /* Check extensions do not go beyond the buffer of data. */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
-    extensions_end = p + extensions_len;
-
-    while (p < extensions_end) {
-        unsigned int extension_type;
-        size_t extension_data_len;
-
-        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
-        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
-        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
-        p += 4;
-
-        if (extension_type == MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS) {
-            return 1;
-        }
-
-        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
-        p += extension_data_len;
-    }
-
-    return 0;
+    return mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts(
+        ssl, p, end,
+        &supported_versions_ext, &supported_versions_ext_end);
 }

 /* Returns a negative value on failure, and otherwise