- Added DEFLATE compression support as per RFC3749 (requires zlib)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index a14e271..a336067 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -248,6 +248,22 @@
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
+
+/**
+ * \def POLARSSL_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * Used in: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+#define POLARSSL_ZLIB_SUPPORT
+ */
/* \} name */
/**
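Review bot: The new `POLARSSL_ZLIB_SUPPORT` comment covers the build requirement but says nothing about the security trade-off of turning it on. With record compression the ciphertext length depends on plaintext content, so when attacker-influenced data and secrets travel in the same stream, record sizes leak information about the secrets (the CRIME class of compression side channel). I would add a line to the block such as `Warning: TLS compression leaks plaintext information through record length; enable only if untrusted input and secrets never share a connection.` The commented-out `#define` keeps the feature off by default, which is the right default and worth stating in the text as well.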
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index fb739b1..508546e 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -75,7 +75,7 @@
* RSA 4 9
* MD 5 4
* CIPHER 6 5
- * SSL 6 1 (Started from top)
+ * SSL 6 2 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 1d7e7fd..40a57a7 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -43,6 +43,10 @@
#include "pkcs11.h"
#endif
+#if defined(POLARSSL_ZLIB_SUPPORT)
+#include "zlib.h"
+#endif
+
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
@@ -86,6 +90,7 @@
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
+#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
/*
* Various constants
@@ -99,6 +104,7 @@
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1
#define SSL_COMPRESS_NULL 0
+#define SSL_COMPRESS_DEFLATE 1
#define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1
@@ -108,9 +114,17 @@
/*
* Allow an extra 512 bytes for the record header
- * and encryption overhead (counter + MAC + padding).
+ * and encryption overhead (counter + MAC + padding)
+ * and allow for a maximum of 1024 of compression expansion if
+ * enabled.
*/
-#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
+#if defined(POLARSSL_ZLIB_SUPPORT)
+#define SSL_COMPRESSION_ADD 1024
+#else
+#define SSL_COMPRESSION_ADD 0
+#endif
+
+#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
/*
* Supported ciphersuites
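Review bot: `SSL_COMPRESSION_ADD` only accounts for the compressed form being up to 1024 bytes larger than the plaintext. Nothing in this header bounds what a received record may inflate to. The inflate path (presumably in library/ssl_tls.c, not visible in this hunk) should cap its output at `SSL_MAX_CONTENT_LEN` and return `POLARSSL_ERR_SSL_COMPRESSION_FAILED` if the stream would produce more. It should also reject incoming compressed fragments longer than `SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD`. I would extend the comment with `Decompressed data must still fit in SSL_MAX_CONTENT_LEN.` so the buffer sizing and the check stay tied together.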
@@ -253,6 +267,7 @@
{
time_t start; /*!< starting time */
int ciphersuite; /*!< chosen ciphersuite */
+ int compression; /*!< chosen compression */
size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
@@ -374,6 +389,11 @@
unsigned long ctx_enc[134]; /*!< encryption context */
unsigned long ctx_dec[134]; /*!< decryption context */
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ z_stream ctx_deflate; /*!< compression context */
+ z_stream ctx_inflate; /*!< decompression context */
+#endif
+
/*
* TLS extensions
*/
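Review bot: `ctx_deflate` and `ctx_inflate` are embedded by value, but an initialised `z_stream` owns heap state, including a window of recently processed plaintext. Any code that clears or frees `ssl_context` (ssl_free and ssl_session_reset, neither visible here) has to call `deflateEnd()`/`inflateEnd()` first, otherwise that state leaks on every reset or teardown. A field comment would make the ownership explicit, for example `/* owns zlib heap state; release with deflateEnd()/inflateEnd() before the context is cleared */`. The struct definition begins and ends outside this hunk.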
@@ -445,8 +465,10 @@
* pointers and data.
*
* \param ssl SSL context
+ * \return 0 if successful, or POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
+ * POLARSSL_ERR_SSL_COMPRESSION_FAILED
*/
-void ssl_session_reset( ssl_context *ssl );
+int ssl_session_reset( ssl_context *ssl );
/**
* \brief Set the current endpoint type
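Review bot: Changing `ssl_session_reset` from `void` to `int` compiles silently for every existing caller, so a failed reset can go unnoticed and the context may be reused in whatever state the failure left it. The added `\return` text lists the error codes but not what a caller must do on failure. I would add something like `\note On a non-zero return the context must not be used for a new handshake.` Whether the context is actually left unusable is not visible from this header, so confirm against the implementation. In-tree callers should be updated to check the result in the same commit.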