From d2fc90e024b055e023c412fac6a1377229396eff Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Thu, 4 Jan 2024 18:04:53 +0000
Subject: [PATCH] Stop sending record size limit extension if it's not sent from client
Signed-off-by: Waleed Elmelegy
---
 library/ssl_tls13_server.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index c9fddda1ee..36d1c059f5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2500,6 +2500,9 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
 size_t extensions_len = 0;
 unsigned char *p_extensions_len;
 size_t output_len;
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ uint32_t record_size_extension_mask;
+#endif
 *out_len = 0;
@@ -2531,12 +2534,15 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
- ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
- ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &output_len);
- if (ret != 0) {
- return ret;
+ record_size_extension_mask = mbedtls_ssl_get_extension_mask(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT);
+ if (ssl->handshake->received_extensions | record_size_extension_mask) {
+ ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
+ ssl, p, end, &output_len);
+ if (ret != 0) {
+ return ret;
+ }
+ p += output_len;
 }
- p += output_len;
 #endif
 extensions_len = (p - p_extensions_len) - 2;
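Review bot: The new guard in the second hunk tests `ssl->handshake->received_extensions | record_size_extension_mask` with a bitwise OR, which is non-zero whenever the mask itself is non-zero, so the branch is presumably always taken and the extension is still written when the client never offered it. The condition should test membership with AND: `if (ssl->handshake->received_extensions & record_size_extension_mask) {`. This matters beyond tidiness, because TLS 1.3 forbids a server from answering an extension the client did not send, and a conforming client aborts the handshake with `unsupported_extension` when it sees one. A handshake test with a client that omits record_size_limit, asserting the extension is absent from EncryptedExtensions, would have caught this. The body of `ssl_tls13_write_encrypted_extensions_body` starts and ends outside both hunks, so the other extension writers were not reviewed.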