Fix MFLN probe and allow returning whether MFLN succeeded or not after a connection. (#6000)

Fixes #5996 * Add extensions to probe message for EC, others probeMFLN was failing on some connection attempts to servers which only supported EC based ciphers because it did not include the proper TLS handshake extensions to list what kinds of ECs it supported. Add those to the probeMFLN ClientHello message to make probes pass. * Add client.getMFLNStatus method, returns MFLN state After a connection it is useful to check whether MFLN negotiation succeeded. getMFLNStatus returns a bool (valid only after client.connect() succeeds, of course) indicating whether the requested buffer sizes were negotiated successfully.
2025-06-13 13:01:55 +03:00 · 2019-04-25 12:40:26 -07:00
parent d9b0480f09
commit f6dd826437
10 changed files with 73 additions and 10 deletions
--- a/tools/sdk/include/bearssl/bearssl_git.h
+++ b/tools/sdk/include/bearssl/bearssl_git.h
@ -1,2 +1,2 @@
 // Do not edit -- Automatically generated by tools/sdk/ssl/bearssl/Makefile
-#define BEARSSL_GIT 6778687
+#define BEARSSL_GIT a143020
--- a/tools/sdk/include/bearssl/bearssl_hash.h
+++ b/tools/sdk/include/bearssl/bearssl_hash.h
@ -724,7 +724,7 @@ void br_sha256_update(br_sha256_context *ctx, const void *data, size_t len);
 */
 void br_sha256_out(const br_sha256_context *ctx, void *out);

-#if BR_DOXYGEN_IGNORE
+#ifdef BR_DOXYGEN_IGNORE
 /**
 * \brief Save SHA-256 running state.
 *
@ -742,7 +742,7 @@ uint64_t br_sha256_state(const br_sha256_context *ctx, void *out);
 #define br_sha256_state       br_sha224_state
 #endif

-#if BR_DOXYGEN_IGNORE
+#ifdef BR_DOXYGEN_IGNORE
 /**
 * \brief Restore SHA-256 running state.
 *
--- a/tools/sdk/include/bearssl/bearssl_ssl.h
+++ b/tools/sdk/include/bearssl/bearssl_ssl.h
@ -864,6 +864,7 @@ typedef struct {
 	 */
 	uint16_t max_frag_len;
 	unsigned char log_max_frag_len;
+	unsigned char max_frag_len_negotiated;
 	unsigned char peer_log_max_frag_len;

 	/*
@ -1830,6 +1831,17 @@ void br_ssl_engine_set_buffer(br_ssl_engine_context *cc,
 void br_ssl_engine_set_buffers_bidi(br_ssl_engine_context *cc,
 	void *ibuf, size_t ibuf_len, void *obuf, size_t obuf_len);

+/**
+ * \brief Determine if MFLN negotiation was successful
+ *
+ * \param cc     SSL engine context.
+ */
+static inline uint8_t
+br_ssl_engine_get_mfln_negotiated(br_ssl_engine_context *cc)
+{
+        return cc->max_frag_len_negotiated;
+}
+
 /**
 * \brief Inject some "initial entropy" in the context.
 *