Add ssl_set_max_frag_len()

include/polarssl/ssl.h

@@ -117,6 +117,13 @@
 #define SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
 #define SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
 
+/* RFC 6066 section 4 */
+#define SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
+#define SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
+#define SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
+#define SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
+#define SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
+
 #define SSL_IS_CLIENT                   0
 #define SSL_IS_SERVER                   1
 #define SSL_COMPRESS_NULL               0
@@ -498,6 +505,10 @@ struct _ssl_context
     size_t out_msglen;          /*!< record header: message length    */
     size_t out_left;            /*!< amount of data not yet written   */
 
+    /* Maximum fragment length extension (RFC 6066 section 4) */
+    unsigned char mfl_code;     /*!< numerical code for MaxFragmentLength   */
+    uint16_t max_frag_len;      /*!< value of MaxFragmentLength             */
+
     /*
      * PKI layer
      */
@@ -944,6 +955,23 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
  */
 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
+/**
+ * \brief          Set the maximum fragment length to emit and/or negotiate
+ *                 (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ *                 (Server: set maximum fragment length to emit,
+ *                 usually negotiated by the client during handshake
+ *                 (Client: set maximum fragment length to emit *and*
+ *                 negotiate with the server during handshake)
+ *
+ * \param ssl      SSL context
+ * \param mfl      Code for maximum fragment length (allowed values:
+ *                 SSL_MAX_FRAG_LEN_512,  SSL_MAX_FRAG_LEN_1024,
+ *                 SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return         O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
+ */
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
+
 /**
  * \brief          Enable / Disable renegotiation support for connection when
  *                 initiated by peer

library/ssl_tls.c

@@ -2826,6 +2826,9 @@ int ssl_init( ssl_context *ssl )
     memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
     memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
 
+    ssl->mfl_code = SSL_MAX_FRAG_LEN_NONE;
+    ssl->max_frag_len = SSL_MAX_CONTENT_LEN;
+
     ssl->hostname = NULL;
     ssl->hostname_len = 0;
 
@@ -3111,6 +3114,35 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor )
     ssl->min_minor_ver = minor;
 }
 
+int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
+{
+    switch( mfl_code )
+    {
+        case SSL_MAX_FRAG_LEN_512:
+            ssl->max_frag_len = 512;
+            break;
+
+        case SSL_MAX_FRAG_LEN_1024:
+            ssl->max_frag_len = 1024;
+            break;
+
+        case SSL_MAX_FRAG_LEN_2048:
+            ssl->max_frag_len = 2048;
+            break;
+
+        case SSL_MAX_FRAG_LEN_4096:
+            ssl->max_frag_len = 4096;
+            break;
+
+        default:
+            return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    ssl->mfl_code = mfl_code;
+
+    return( 0 );
+}
+
 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
 {
     ssl->disable_renegotiation = renegotiation;