Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4cdd87e..ccf382e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -107,6 +107,7 @@
#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25
#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26
#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27
+#define MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT 28
/* Utility for translating IANA extension type. */
uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type);
@@ -167,6 +168,7 @@
MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \
MBEDTLS_SSL_EXT_MASK(POST_HANDSHAKE_AUTH) | \
MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \
+ MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT) | \
MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */
@@ -179,7 +181,8 @@
MBEDTLS_SSL_EXT_MASK(ALPN) | \
MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \
MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \
- MBEDTLS_SSL_EXT_MASK(EARLY_DATA))
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \
+ MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT))
/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \
@@ -2662,6 +2665,13 @@
const unsigned char *end);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end);
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,