Add helper function to check validity of record content type

With the introduction of the CID feature, the stack needs to be able to handle a change of record content type during record protection, which in particular means that the record content type check will need to move or be duplicated. This commit introduces a tiny static helper function which checks the validity of record content types, which hopefully makes it easier to subsequently move or duplicate this check.
2019-05-03 13:25:54 +01:00 · 2019-05-03 13:25:54 +01:00 · f661c9c39c
commit f661c9c39c
parent 37ae952923
1 changed files with 14 additions and 4 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4793,6 +4793,19 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */

+static int ssl_check_record_type( uint8_t record_type )
+{
+    if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
+        record_type != MBEDTLS_SSL_MSG_ALERT &&
+        record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
+        record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+    {
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    return( 0 );
+}
+
 /*
 * ContentType type;
 * ProtocolVersion version;
@ -4828,10 +4841,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
                        major_ver, minor_ver, ssl->in_msglen ) );

    /* Check record type */
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
-        ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
-        ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
-        ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+    if( ssl_check_record_type( ssl->in_msgtype ) )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );