Merge support for 1/n-1 record splitting

2015-01-13 16:31:34 +01:00 · 2015-01-13 16:31:34 +01:00 · f3561154ff
commit f3561154ff
parent f6080b8557 3ff78239fe
7 changed files with 185 additions and 5 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -253,6 +253,9 @@
 #define SSL_SESSION_TICKETS_DISABLED     0
 #define SSL_SESSION_TICKETS_ENABLED      1

+#define SSL_CBC_RECORD_SPLITTING_DISABLED   -1
+#define SSL_CBC_RECORD_SPLITTING_ENABLED     0
+
 /**
 * \name SECTION: Module settings
 *
@ -832,6 +835,10 @@ struct _ssl_context
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     /*!< MaxFragmentLength chosen by us   */
 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+    char split_done;            /*!< flag for record splitting:
+                                     -1 disabled, 0 todo, 1 done      */
+#endif

    /*
     * PKI layer
@ -1528,6 +1535,21 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */

+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+/**
+ * \brief          Enable / Disable 1/n-1 record splitting
+ *                 (Default: SSL_CBC_RECORD_SPLITTING_ENABLED)
+ *
+ * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
+ *                 Does not affect non-CBC ciphersuites in any version.
+ *
+ * \param ssl      SSL context
+ * \param split    SSL_CBC_RECORD_SPLITTING_ENABLED or
+ *                 SSL_CBC_RECORD_SPLITTING_DISABLED
+ */
+void ssl_set_cbc_record_splitting( ssl_context *ssl, char split );
+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
+
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
 /**
 * \brief          Enable / Disable session tickets
@ -1796,6 +1818,10 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
 * \note           When this function returns POLARSSL_ERR_NET_WANT_WRITE,
 *                 it must be called later with the *same* arguments,
 *                 until it returns a positive value.
+ *
+ * \note           This function may write less than the number of bytes
+ *                 requested if len is greater than the maximum record length.
+ *                 For arbitrary-sized messages, it should be called in a loop.
 */
 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );