Add helper function to check validity of record content type

With the introduction of the CID feature, the stack needs to be able
to handle a change of record content type during record protection,
which in particular means that the record content type check will
need to move or be duplicated.

This commit introduces a tiny static helper function which checks
the validity of record content types, which hopefully makes it
easier to subsequently move or duplicate this check.
This commit is contained in:
Hanno Becker 2019-05-03 13:25:54 +01:00
parent 74dd3a70d8
commit 46483f11bf

View File

@ -4371,6 +4371,19 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
}
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
static int ssl_check_record_type( uint8_t record_type )
{
if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
record_type != MBEDTLS_SSL_MSG_ALERT &&
record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
return( 0 );
}
/*
* ContentType type;
* ProtocolVersion version;
@ -4406,10 +4419,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
major_ver, minor_ver, ssl->in_msglen ) );
/* Check record type */
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
if( ssl_check_record_type( ssl->in_msgtype ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );