lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Made support for the max_fragment_length extension configurable

Browse Source
This commit is contained in:
Paul Bakker
2013-08-15 13:33:48 +02:00
parent 9f3478a37d
commit 05decb24c3
7 changed files with 62 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/ssl_cli.c
View File

@ -276,6 +276,7 @@ static void ssl_write_supported_point_formats_ext( ssl_context *ssl,
}
#endif
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@ -299,6 +300,7 @@ static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
*olen = 5;
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
unsigned char *buf, size_t *olen )
@ -546,8 +548,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
ext_len += olen;
#endif
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@ -621,6 +625,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
return( 0 );
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
const unsigned char *buf,
size_t len )
@ -638,6 +643,7 @@ static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
return( 0 );
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
const unsigned char *buf,
@ -891,6 +897,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
break;
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
case TLS_EXT_MAX_FRAGMENT_LENGTH:
SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) );
@ -901,6 +908,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
}
break;
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
case TLS_EXT_TRUNCATED_HMAC:
SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );

8
library/ssl_srv.c
View File

@ -564,6 +564,7 @@ static int ssl_parse_supported_point_formats( ssl_context *ssl,
}
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
const unsigned char *buf,
size_t len )
@ -578,6 +579,7 @@ static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
return( 0 );
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
const unsigned char *buf,
@ -1174,6 +1176,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
break;
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
case TLS_EXT_MAX_FRAGMENT_LENGTH:
SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
@ -1181,6 +1184,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
if( ret != 0 )
return( ret );
break;
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
case TLS_EXT_TRUNCATED_HMAC:
SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
@ -1386,6 +1390,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
*olen = 5 + ssl->verify_data_len * 2;
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@ -1410,6 +1415,7 @@ static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
*olen = 5;
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
static int ssl_write_server_hello( ssl_context *ssl )
{
@ -1551,8 +1557,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;

10
library/ssl_tls.c
View File

@ -59,6 +59,7 @@
#define strcasecmp _stricmp
#endif
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/*
* Convert max_fragment_length codes to length.
* RFC 6066 says:
@ -75,6 +76,7 @@ static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
2048, /* SSL_MAX_FRAG_LEN_2048 */
4096, /* SSL_MAX_FRAG_LEN_4096 */
};
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
{
@ -3238,6 +3240,7 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor )
ssl->min_minor_ver = minor;
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{
if( mfl_code >= sizeof( mfl_code_to_length ) ||
@ -3250,6 +3253,7 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
return( 0 );
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
@ -3555,7 +3559,7 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
{
int ret;
size_t n;
unsigned int max_len;
unsigned int max_len = SSL_MAX_CONTENT_LEN;
SSL_DEBUG_MSG( 2, ( "=> write" ) );
@ -3568,19 +3572,21 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
}
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/*
* Assume mfl_code is correct since it was checked when set
*/
max_len = mfl_code_to_length[ssl->mfl_code];
/*
* Check if a smaller max length was negociated
* Check if a smaller max length was negotiated
*/
if( ssl->session_out != NULL &&
mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
{
max_len = mfl_code_to_length[ssl->session_out->mfl_code];
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
n = ( len < max_len) ? len : max_len;