diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4f826e403..3fa6ea793 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -258,8 +258,8 @@
 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
 
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED -1
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 0
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
 
 #define MBEDTLS_SSL_ARC4_ENABLED 0
 #define MBEDTLS_SSL_ARC4_DISABLED 1
@@ -1047,8 +1047,7 @@ struct mbedtls_ssl_context
 unsigned char *compress_buf; /*!< zlib data buffer */
 #endif
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- signed char split_done; /*!< flag for record splitting:
- -1 disabled, 0 todo, 1 done */
+ signed char split_done; /*!< current record already splitted? */
 #endif
 
 /*
@@ -1914,11 +1913,11 @@ int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
 * \note Only affects SSLv3 and TLS 1.0, not higher versions.
 * Does not affect non-CBC ciphersuites in any version.
 *
- * \param ssl SSL context
+ * \param conf SSL configuration
 * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
 * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
 */
-void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_context *ssl, char split );
+void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6702c8bb6..7ac419b50 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
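Review bot: In the first hunk of include/mbedtls/ssl.h the renumbering flips the meaning of a literal 0: it used to be MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED and is now MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED. A caller that passes a bare `0`, or a configuration that is zeroed and never goes through mbedtls_ssl_config_defaults(), therefore ends up with the 1/n-1 split (the BEAST countermeasure for CBC suites in SSLv3 and TLS 1.0) turned off, with no compile-time signal. I would record that above the defines, e.g. `/* 0 is DISABLED: a zero-initialised config has record splitting off until mbedtls_ssl_config_defaults() runs */`, and mention the value change in the release notes next to the signature change.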
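Review bot: The new field comment in the struct mbedtls_ssl_context hunk of include/mbedtls/ssl.h reads `current record already splitted?`; the past participle is "split", so `/*!< current record already split? */`. Since -1 is no longer stored in this field, the comment could also state that it only holds 0 or 1, which would tell a reader why `signed char` is no longer needed. The struct body starts and ends outside the hunk.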
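Review bot: The doc block for mbedtls_ssl_set_cbc_record_splitting() in the third include/mbedtls/ssl.h hunk still does not state the default, which matters more now that the value lives in the configuration and mbedtls_ssl_config_defaults() in library/ssl_tls.c sets it to enabled. I would add `\note Enabled by default by mbedtls_ssl_config_defaults().` to the block. If one configuration can be shared by several contexts (not visible in this diff), a second line saying that the setting applies to every context using `conf` would help callers who previously toggled it per connection. The beginning of the comment block lies outside the hunk.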
@@ -5619,9 +5619,9 @@ int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_context *ssl, char split )
+void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
 {
- ssl->split_done = split;
+ conf->cbc_record_splitting = split;
 }
 #endif
 
@@ -6320,7 +6320,8 @@ static int ssl_write_split( mbedtls_ssl_context *ssl,
 {
 int ret;
 
- if( ssl->split_done == MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
+ if( ssl->conf->cbc_record_splitting ==
+ MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
 len <= 1 ||
 ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
 mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
@@ -6658,6 +6659,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
 #endif
 
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+ conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
+#endif
+
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 conf->ticket_lifetime = MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME;
 #endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 0f2313c1e..47e4bd5d9 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1101,7 +1101,7 @@ int main( int argc, char *argv[] )
 
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
 if( opt.recsplit != DFL_RECSPLIT )
- mbedtls_ssl_set_cbc_record_splitting( &ssl, opt.recsplit
+ mbedtls_ssl_set_cbc_record_splitting( &conf, opt.recsplit
 ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
 : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
 #endif
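Review bot: In mbedtls_ssl_set_cbc_record_splitting() (first library/ssl_tls.c hunk) `split` is stored unchecked, while ssl_write_split() only tests for equality with MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED. The declaration of `cbc_record_splitting` is not part of this diff; if it is narrower than `char` (a one-bit field, for instance), an out-of-range argument such as 2 would be truncated to 0 and silently switch the mitigation off. Normalising on write keeps any unexpected value on the safe side: `conf->cbc_record_splitting = ( split != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );`. That also covers callers still passing the old literal -1, which would then enable rather than disable splitting; that is the safer direction but deserves a line in the function's documentation.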
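Review bot: The block added to mbedtls_ssl_config_defaults() (third library/ssl_tls.c hunk) assigns the field unconditionally, so a caller that invokes mbedtls_ssl_set_cbc_record_splitting() before mbedtls_ssl_config_defaults() has its choice overwritten without notice. Defaulting to enabled is the right direction for this mitigation, but the ordering requirement should be written down here, e.g. `/* secure default; call mbedtls_ssl_set_cbc_record_splitting() after this function to override */`. The function body starts and ends outside the hunk, so whether its other fields follow the same convention cannot be confirmed from the diff.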