Add ssl_get_record_expansion()
This commit is contained in:
parent
e63582a166
commit
9b35f18f66
4 changed files with 56 additions and 0 deletions
|
@ -1856,6 +1856,18 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
|
|||
*/
|
||||
const char *ssl_get_version( const ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the (maximum) number of bytes added by the record
|
||||
* layer: header + encryption/MAC overhead (inc. padding)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Current maximum record expansion in bytes, or
|
||||
* POLARSSL_ERR_FEATURE_UNAVAILABLE if compression is enabled,
|
||||
* which makes expansion much less predictable
|
||||
*/
|
||||
int ssl_get_record_expansion( const ssl_context *ssl );
|
||||
|
||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Return the peer certificate from the current connection
|
||||
|
|
|
@ -5476,6 +5476,40 @@ const char *ssl_get_version( const ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
int ssl_get_record_expansion( const ssl_context *ssl )
|
||||
{
|
||||
int transform_expansion;
|
||||
const ssl_transform *transform = ssl->transform_out;
|
||||
|
||||
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||
if( ssl->session_out->compression != SSL_COMPRESS_NULL )
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
|
||||
if( transform == NULL )
|
||||
return( ssl_hdr_len( ssl ) );
|
||||
|
||||
switch( cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
|
||||
{
|
||||
case POLARSSL_MODE_GCM:
|
||||
case POLARSSL_MODE_CCM:
|
||||
case POLARSSL_MODE_STREAM:
|
||||
transform_expansion = transform->minlen;
|
||||
break;
|
||||
|
||||
case POLARSSL_MODE_CBC:
|
||||
transform_expansion = transform->maclen
|
||||
+ cipher_get_block_size( &transform->cipher_ctx_enc );
|
||||
break;
|
||||
|
||||
default:
|
||||
SSL_DEBUG_MSG( 0, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
return( ssl_hdr_len( ssl ) + transform_expansion );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
|
||||
{
|
||||
|
|
|
@ -1099,6 +1099,11 @@ int main( int argc, char *argv[] )
|
|||
printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
|
||||
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
|
||||
|
||||
if( ( ret = ssl_get_record_expansion( &ssl ) ) >= 0 )
|
||||
printf( " [ Record expansion is %d ]\n", ret );
|
||||
else
|
||||
printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||
|
||||
#if defined(POLARSSL_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
{
|
||||
|
|
|
@ -1704,6 +1704,11 @@ reset:
|
|||
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
|
||||
}
|
||||
|
||||
if( ( ret = ssl_get_record_expansion( &ssl ) ) >= 0 )
|
||||
printf( " [ Record expansion is %d ]\n", ret );
|
||||
else
|
||||
printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||
|
||||
#if defined(POLARSSL_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue