From 8b46459ae540c32e60c12a9346c60dac3b8e0132 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 16 Jul 2013 12:45:26 +0200
Subject: [PATCH] Add ssl_set_max_frag_len()
---
 include/polarssl/ssl.h | 28 ++++++++++++++++++++++++++++
 library/ssl_tls.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index eca6879e3..9bb0c4438 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -117,6 +117,13 @@
 #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
 #define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
 
+/* RFC 6066 section 4 */
+#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
+#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
+#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
+#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
+#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
+
 #define SSL_IS_CLIENT 0
 #define SSL_IS_SERVER 1
 #define SSL_COMPRESS_NULL 0
@@ -498,6 +505,10 @@ struct _ssl_context
 size_t out_msglen; /*!< record header: message length */
 size_t out_left; /*!< amount of data not yet written */
 
+ /* Maximum fragment length extension (RFC 6066 section 4) */
+ unsigned char mfl_code; /*!< numerical code for MaxFragmentLength */
+ uint16_t max_frag_len; /*!< value of MaxFragmentLength */
+
 /*
 * PKI layer
 */
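Review bot: `uint16_t max_frag_len` in the `struct _ssl_context` hunk brings a fixed-width type into the public header, and nothing in this hunk shows ssl.h including `<stdint.h>`; if it is not already included further up the file the declaration will not compile standalone, so that include should be confirmed. The same field is assigned `SSL_MAX_CONTENT_LEN` in the ssl_init hunk of ssl_tls.c, which silently truncates if that configurable constant is ever set above 65535; a compile-time guard such as `#if SSL_MAX_CONTENT_LEN > 0xFFFF` with `#error` next to the field definition would make the assumption explicit. The field comment `value of MaxFragmentLength` also leaves open whether the context will use it to bound outgoing records only or to reject oversized incoming records as well; RFC 6066 expects the negotiated length to be enforced in both directions, so the comment should state which the context implements.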
@@ -944,6 +955,23 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
 */
 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
+/**
+ * \brief Set the maximum fragment length to emit and/or negotiate
+ * (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ * (Server: set maximum fragment length to emit,
+ * usually negotiated by the client during handshake
+ * (Client: set maximum fragment length to emit *and*
+ * negotiate with the server during handshake)
+ *
+ * \param ssl SSL context
+ * \param mfl Code for maximum fragment length (allowed values:
+ * SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
+ * SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
+ */
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
+
 /**
+ * \brief Enable / Disable renegotiation support for connection when
+ * initiated by peer
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dfeed3377..b6bb44f78 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2826,6 +2826,9 @@ int ssl_init( ssl_context *ssl )
 memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
 
+ ssl->mfl_code = SSL_MAX_FRAG_LEN_NONE;
+ ssl->max_frag_len = SSL_MAX_CONTENT_LEN;
+
 ssl->hostname = NULL;
 ssl->hostname_len = 0;
 
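Review bot: The Doxygen block for `ssl_set_max_frag_len` documents `\param mfl` while the declaration names the parameter `mfl_code`, so the description will not attach to the parameter; change the line to `\param mfl_code Code for maximum fragment length (allowed values:`. The `\return` line reads `O if successful` with the letter O instead of the digit 0, and the `(Server: ...` clause never closes its parenthesis before `(Client: ...` begins. The description names `SSL_MAX_CONTENT_LEN` as the default but lists only the four non-zero codes as allowed, leaving unstated whether `SSL_MAX_FRAG_LEN_NONE` (the value the ssl_init hunk in ssl_tls.c assigns) may be passed to return to that default; the comment should say so one way or the other, and the server-side wording `usually negotiated by the client` should spell out whether a server-set value caps or merely seeds what the client negotiates.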
@@ -3111,6 +3114,35 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor )
 ssl->min_minor_ver = minor;
 }
 
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
+{
+ switch( mfl_code )
+ {
+ case SSL_MAX_FRAG_LEN_512:
+ ssl->max_frag_len = 512;
+ break;
+
+ case SSL_MAX_FRAG_LEN_1024:
+ ssl->max_frag_len = 1024;
+ break;
+
+ case SSL_MAX_FRAG_LEN_2048:
+ ssl->max_frag_len = 2048;
+ break;
+
+ case SSL_MAX_FRAG_LEN_4096:
+ ssl->max_frag_len = 4096;
+ break;
+
+ default:
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ ssl->mfl_code = mfl_code;
+
+ return( 0 );
+}
+
 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
 {
 ssl->disable_renegotiation = renegotiation;
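Review bot: `ssl_set_max_frag_len` rejects `SSL_MAX_FRAG_LEN_NONE` with `POLARSSL_ERR_SSL_BAD_INPUT_DATA`, so once a caller has chosen a fragment length there is no API path back to the default that the ssl_init hunk installs; adding `case SSL_MAX_FRAG_LEN_NONE: ssl->max_frag_len = SSL_MAX_CONTENT_LEN; break;` ahead of `default:` would make the setter symmetric with the initial state and consistent with the header's `don't use this extension` comment on that code. The function carries no comment in the .c file; a one-liner such as `/* Validate an RFC 6066 MaxFragmentLength code and store it with its byte length; unknown codes leave the context untouched */` would record that `mfl_code` is only written after the switch has accepted it, which the early return in `default:` guarantees. Neither file in this patch reads `max_frag_len` when records are written or received, so the setter changes no on-the-wire behaviour until that enforcement is added; that is worth stating in the commit description or as a TODO on the function so the field is not mistaken for an active limit.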