Add ssl_set_max_frag_len()
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index eca6879..9bb0c44 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -117,6 +117,13 @@
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
+/* RFC 6066 section 4 */
+#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
+#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
+#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
+#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
+#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
+
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1
#define SSL_COMPRESS_NULL 0
@@ -498,6 +505,10 @@
size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */
+ /* Maximum fragment length extension (RFC 6066 section 4) */
+ unsigned char mfl_code; /*!< numerical code for MaxFragmentLength */
+ uint16_t max_frag_len; /*!< value of MaxFragmentLength */
+
/*
* PKI layer
*/
@@ -945,6 +956,23 @@
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
/**
+ * \brief Set the maximum fragment length to emit and/or negotiate
+ * (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ * (Server: set maximum fragment length to emit,
+ * usually negotiated by the client during handshake
+ * (Client: set maximum fragment length to emit *and*
+ * negotiate with the server during handshake)
+ *
+ * \param ssl SSL context
+ * \param mfl Code for maximum fragment length (allowed values:
+ * SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
+ * SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
+ */
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
+
+/**
* \brief Enable / Disable renegotiation support for connection when
* initiated by peer
* (Default: SSL_RENEGOTIATION_DISABLED)
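Review bot: The new doc comment documents `\param mfl` while the prototype declares the parameter as `mfl_code`, so the two names disagree and Doxygen will flag the parameter as undocumented; change it to `\param mfl_code`. The return line reads `\return O if successful` with a capital letter O where the digit `0` is meant, and the `(Server: ...` sentence never closes its parenthesis. The allowed-values list deliberately omits SSL_MAX_FRAG_LEN_NONE, which matches the implementation in ssl_tls.c, but it means the documented default cannot be restored through this API once another code has been set; either document that limitation here or accept SSL_MAX_FRAG_LEN_NONE in the setter.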
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dfeed33..b6bb44f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2826,6 +2826,9 @@
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
+ ssl->mfl_code = SSL_MAX_FRAG_LEN_NONE;
+ ssl->max_frag_len = SSL_MAX_CONTENT_LEN;
+
ssl->hostname = NULL;
ssl->hostname_len = 0;
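Review bot: The added line stores SSL_MAX_CONTENT_LEN into `ssl->max_frag_len`, which the header hunk declares as `uint16_t`, with no range check; SSL_MAX_CONTENT_LEN is a build-time constant I cannot see from here, and if a configuration sets it above 65535 the default silently truncates and the fragment limit becomes wrong. A compile-time guard such as `#if SSL_MAX_CONTENT_LEN > 65535` / `#error "SSL_MAX_CONTENT_LEN does not fit in max_frag_len"` next to the field or the define would make that assumption explicit. The enclosing function starts and ends outside the hunk.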
@@ -3111,6 +3114,35 @@
ssl->min_minor_ver = minor;
}
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
+{
+ switch( mfl_code )
+ {
+ case SSL_MAX_FRAG_LEN_512:
+ ssl->max_frag_len = 512;
+ break;
+
+ case SSL_MAX_FRAG_LEN_1024:
+ ssl->max_frag_len = 1024;
+ break;
+
+ case SSL_MAX_FRAG_LEN_2048:
+ ssl->max_frag_len = 2048;
+ break;
+
+ case SSL_MAX_FRAG_LEN_4096:
+ ssl->max_frag_len = 4096;
+ break;
+
+ default:
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ ssl->mfl_code = mfl_code;
+
+ return( 0 );
+}
+
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
{
ssl->disable_renegotiation = renegotiation;
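Review bot: The switch in ssl_set_max_frag_len rejects SSL_MAX_FRAG_LEN_NONE with POLARSSL_ERR_SSL_BAD_INPUT_DATA, so once a caller has enabled the extension there is no way back to the initial state the earlier hunk establishes (`mfl_code = SSL_MAX_FRAG_LEN_NONE`, `max_frag_len = SSL_MAX_CONTENT_LEN`), even though the header documents that code as "don't use this extension". Adding `case SSL_MAX_FRAG_LEN_NONE: ssl->max_frag_len = SSL_MAX_CONTENT_LEN; break;` ahead of `default:` would let callers disable it again and keeps the two fields consistent, since `mfl_code` is only written after the switch succeeds. Whether the record layer actually bounds outgoing records by `ssl->max_frag_len`, and whether a value negotiated from the peer is validated against the same table, is outside this hunk and worth confirming before relying on the limit as a protection.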