diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e77b72abcfde..c179a9817f8f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5703,12 +5703,14 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
     size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
     size_t read_mfl;
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
     /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
         ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
     {
         return ssl_mfl_code_to_length( ssl->conf->mfl_code );
     }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
 
     /* Check if a smaller max length was negotiated */
     if( ssl->session_out != NULL )
@@ -5720,7 +5722,7 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
         }
     }
 
-    // During a handshake, use the value being negotiated
+    /* During a handshake, use the value being negotiated */
     if( ssl->session_negotiate != NULL )
     {
         read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 033803a8ed05..65fbab9fcbe4 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -569,7 +569,7 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding max_fragment_length extension" ) );
 
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
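Review bot: The comment above the newly guarded early return in mbedtls_ssl_get_input_max_frag_len still reads as if it applied to every client, so a reader does not learn why the short-cut is now limited to `MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER`. Suggest rewording it to `/* TLS <= 1.2 client only: once past SERVER_HELLO_DONE use the configured MFL. A TLS 1.3 client falls through to the negotiated value below. */` (the reason, presumably that SERVER_HELLO_DONE is a TLS 1.2 state, is inferred and should be confirmed). As a consequence a TLS 1.3 client's input limit now comes solely from `session_out`/`session_negotiate` `mfl_code`, and since this value bounds the record sizes the reader accepts, it is worth confirming the TLS 1.3 client populates it before any record is read. The function continues outside the hunk.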
@@ -1754,7 +1754,14 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext( ssl, buf, end, &cur_ext_len ); + if( ( ret = ssl_write_max_fragment_length_ext( ssl, buf, + (size_t)( end - buf ), + &cur_ext_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret ); + return( ret ); + } + total_ext_len += cur_ext_len; buf += cur_ext_len; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 0f5c6fcbf0ae..bd2da16546a5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3067,13 +3067,15 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl, #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buflen, + size_t *olen ) { unsigned char *p = buf; *olen = 0; + if( ( ssl->handshake->extensions_present & MAX_FRAGMENT_LENGTH_EXTENSION ) == 0 ) { @@ -3085,10 +3087,15 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return( 0 ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "adding max_fragment_length extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + MBEDTLS_SSL_CHK_BUF_PTR( p, buf + buflen, 5 ); + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) + & 0xFF ); *p++ = 0x00; *p++ = 1; 
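Review bot: The length passed to ssl_write_max_fragment_length_ext is `(size_t)( end - buf )`, which is only meaningful while `buf <= end`; if any earlier extension writer in ssl_client_hello_write_partial advanced `buf` past `end`, the difference is negative and the cast yields a huge length that defeats the callee's buffer check. Those earlier writers and the declaration of `ret` are outside the hunk, so this is hedged, but if they are not all bounded by `end` as this call now is, a cheap guard before the call, `if( buf > end ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );`, would make the invariant explicit. The enclosing function starts and ends outside the hunk.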
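Review bot: The server-side ssl_write_max_fragment_length_ext now returns int and takes `size_t buflen`, but its call site is not in this chunk; confirm it was updated to pass the remaining buffer length and to check the return value as ssl_client_hello_write_partial now does, otherwise the new `MBEDTLS_SSL_CHK_BUF_PTR( p, buf + buflen, 5 )` check is fed a wrong length and the error it reports is dropped. The function also lacks a header comment; suggest one stating that it writes the max_fragment_length extension echoing `session_negotiate->mfl_code`, sets `*olen` to 0 when the client did not offer the extension, and returns 0 or the error produced by the buffer check (presumably MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL, to be confirmed). The function body ends in the following hunk.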
@@ -3096,6 +3103,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, *p++ = ssl->session_negotiate->mfl_code; *olen = 5; + + return( 0 ); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
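Review bot: `*olen = 5;` repeats the literal 5 already used as the need argument of `MBEDTLS_SSL_CHK_BUF_PTR( p, buf + buflen, 5 )` earlier in the function, so the two can drift apart if the extension layout changes. Deriving the reported length from the cursor, `*olen = (size_t)( p - buf );`, keeps it tied to what was actually written. The body of ssl_write_max_fragment_length_ext starts outside the hunk.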