Remove the MBEDTLS_SSL_RECORD_CHECKING option

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2025-11-04 04:32:24 -05:00 · 2021-05-12 13:28:59 +02:00 · 2021-05-12 13:28:59 +02:00 · 102c89ed65
commit 102c89ed65
parent 90b50f485e
7 changed files with 2 additions and 35 deletions
--- a/ChangeLog.d/issue4361.txt
+++ b/ChangeLog.d/issue4361.txt
@ -0,0 +1,2 @@
+Removals
+   * Remove the MBEDTLS_SSL_RECORD_CHECKING option. Fixes #4361.
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1467,20 +1467,6 @@
 */
 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES

-/**
- * \def MBEDTLS_SSL_RECORD_CHECKING
- *
- * Enable the function mbedtls_ssl_check_record() which can be used to check
- * the validity and authenticity of an incoming record, to verify that it has
- * not been seen before. These checks are performed without modifying the
- * externally visible state of the SSL context.
- *
- * See mbedtls_ssl_check_record() for more information.
- *
- * Uncomment to enable support for record checking.
- */
-#define MBEDTLS_SSL_RECORD_CHECKING
-
 /**
 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
 *
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1795,7 +1795,6 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
 */
 void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );

-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
 /**
 * \brief          Check whether a buffer contains a valid and authentic record
 *                 that has not been seen before. (DTLS only).
@ -1843,7 +1842,6 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
 int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
                              unsigned char *buf,
                              size_t buflen );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */

 /**
 * \brief          Set the timer callbacks (Mandatory for DTLS.)
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -86,7 +86,6 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
    return( 0 );
 }

-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
 static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
                                    unsigned char *buf,
                                    size_t len,
@ -150,7 +149,6 @@ exit:
    MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
    return( ret );
 }
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */

 #define SSL_DONT_FORCE_FLUSH 0
 #define SSL_FORCE_FLUSH      1
--- a/library/version_features.c
+++ b/library/version_features.c
@ -468,9 +468,6 @@ static const char * const features[] = {
 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
    "MBEDTLS_SSL_ALL_ALERT_MESSAGES",
 #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
-    "MBEDTLS_SSL_RECORD_CHECKING",
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
    "MBEDTLS_SSL_DTLS_CONNECTION_ID",
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@ -159,7 +159,6 @@ int dtls_srtp_key_derivation( void *p_expkey,

 #endif /* MBEDTLS_SSL_EXPORT_KEYS */

-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
 int ssl_check_record( mbedtls_ssl_context const *ssl,
                      unsigned char const *buf, size_t len )
 {
@ -220,7 +219,6 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,

    return( 0 );
 }
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */

 int recv_cb( void *ctx, unsigned char *buf, size_t len )
 {
@ -241,10 +239,8 @@ int recv_cb( void *ctx, unsigned char *buf, size_t len )
        /* Here's the place to do any datagram/record checking
         * in between receiving the packet from the underlying
         * transport and passing it on to the TLS stack. */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
        if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
            return( -1 );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
    }

    return( (int) recv_len );
@ -267,10 +263,8 @@ int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len,
        /* Here's the place to do any datagram/record checking
         * in between receiving the packet from the underlying
         * transport and passing it on to the TLS stack. */
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
        if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
            return( -1 );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
    }

    return( (int) recv_len );
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@ -1299,14 +1299,6 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */

-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
-    if( strcmp( "MBEDTLS_SSL_RECORD_CHECKING", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RECORD_CHECKING );
-        return( 0 );
-    }
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
-
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
    if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 )
    {