diff --git a/src/ssl.c b/src/ssl.c
index bfa059718..b31cb18b5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -28011,6 +28011,39 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *
 }
 #endif /* HAVE_OCSP */
+#ifdef HAVE_MAX_FRAGMENT
+#ifndef NO_WOLFSSL_CLIENT
+/**
+ * Set max fragment tls extension
+ * @param c a pointer to WOLFSSL_CTX object
+ * @param mode maximum fragment length mode
+ * @return 1 on success, otherwise 0 or negative error code
+ */
+WOLFSSL_API int wolfSSL_CTX_set_tlsext_max_fragment_length(WOLFSSL_CTX *c,
+ unsigned char mode)
+{
+ if (c == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 ))
+ return BAD_FUNC_ARG;
+
+ return wolfSSL_CTX_UseMaxFragment(c, mode);
+}
+/**
+ * Set max fragment tls extension
+ * @param c a pointer to WOLFSSL object
+ * @param mode maximum fragment length mode
+ * @return 1 on success, otherwise 0 or negative error code
+ */
+WOLFSSL_API int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s,
+ unsigned char mode)
+{
+ if (s == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 ))
+ return BAD_FUNC_ARG;
+
+ return wolfSSL_UseMaxFragment(s, mode);
+}
+#endif /* NO_WOLFSSL_CLIENT */
+#endif /* HAVE_MAX_FRAGMENT */
+
 #endif /* OPENSSL_EXTRA */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
diff --git a/tests/api.c b/tests/api.c
index a4664d566..cd6b20481 100644
--- a/tests/api.c
+++ b/tests/api.c
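Review bot: In src/ssl.c both new wrappers return `BAD_FUNC_ARG` for a NULL handle or an out-of-range mode and otherwise pass through whatever `wolfSSL_CTX_UseMaxFragment` / `wolfSSL_UseMaxFragment` returns, so a failure can be a negative, non-zero value. OpenSSL documents these two calls as returning 1 on success and 0 on failure, so ported code that tests `if (!SSL_set_tlsext_max_fragment_length(...))` would read a rejected mode as success and go on without the fragment limit it asked for. Consider normalising at the compat boundary, e.g. `return wolfSSL_UseMaxFragment(s, mode) == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;`, with the argument check returning `WOLFSSL_FAILURE` too; the `BAD_FUNC_ARG` expectations in tests/api.c would change with it. The second doc comment also says `@param c` although the parameter is `s`; it should read `@param s a pointer to WOLFSSL object`.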
@@ -5892,30 +5892,61 @@ static void test_wolfSSL_UseMaxFragment(void) #endif WOLFSSL *ssl = wolfSSL_new(ctx); +#ifdef OPENSSL_EXTRA + int (*UseMaxFragment)(SSL *s, uint8_t mode); + int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode); + + CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length; + UseMaxFragment = SSL_set_tlsext_max_fragment_length; +#else + int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode); + int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode); + + UseMaxFragment = wolfSSL_UseMaxFragment; + CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment; +#endif + + AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); + AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); + AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); + AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); + AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); + AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); + AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); /* success case */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 
WOLFSSL_MFL_2_12)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); +#ifdef OPENSSL_EXTRA + AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); +#else + AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); +#endif + AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); + AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); + AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); + AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); +#ifdef OPENSSL_EXTRA + AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); + + AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); +#else + AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); + + AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); +#endif + AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); + AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); + AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); + AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); + +#ifdef OPENSSL_EXTRA + AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); +#else + AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); +#endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a02b11cd9..5f4a4e95c 100644 
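Review bot: In test_wolfSSL_UseMaxFragment, once OPENSSL_EXTRA is defined both function pointers are bound to the `SSL_*` wrappers, so the native `wolfSSL_CTX_UseMaxFragment` and `wolfSSL_UseMaxFragment` are no longer called in that configuration and their acceptance of `WOLFSSL_MFL_2_8` and `WOLFSSL_MFL_2_13` goes untested there. Keeping the original native assertions unconditional and adding the wrapper assertions in a separate `#ifdef OPENSSL_EXTRA` block would cover both APIs in one build. The NULL and out-of-range cases are still checked only with `AssertIntNE(WOLFSSL_SUCCESS, ...)`; for the wrappers, asserting the exact failure value would pin the return contract that OpenSSL-style callers depend on. The function's opening guard and signature are outside this hunk.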
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1110,6 +1110,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define TLSEXT_STATUSTYPE_ocsp 1
+#define TLSEXT_max_fragment_length_512 WOLFSSL_MFL_2_9
+#define TLSEXT_max_fragment_length_1024 WOLFSSL_MFL_2_10
+#define TLSEXT_max_fragment_length_2048 WOLFSSL_MFL_2_11
+#define TLSEXT_max_fragment_length_4096 WOLFSSL_MFL_2_12
+
 #define SSL_set_options wolfSSL_set_options
 #define SSL_get_options wolfSSL_get_options
 #define SSL_clear_options wolfSSL_clear_options
@@ -1130,6 +1135,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp
 #define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
 #define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
+#define SSL_set_tlsext_max_fragment_length wolfSSL_set_tlsext_max_fragment_length
 #define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
 #define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
@@ -1137,6 +1143,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg
 #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
 wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
+#define SSL_CTX_set_tlsext_max_fragment_length \
+ wolfSSL_CTX_set_tlsext_max_fragment_length
 #define SSL_get_server_random wolfSSL_get_server_random
 #define SSL_get_server_tmp_key wolfSSL_get_server_tmp_key
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 3733154d5..ca110ca51 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
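Review bot: The first wolfssl/openssl/ssl.h hunk maps the four sizes 512 to 4096 but defines nothing for OpenSSL's `TLSEXT_max_fragment_length_DISABLED` (0), and the new wrappers in src/ssl.c reject any mode below `WOLFSSL_MFL_2_9`. Ported code that passes the DISABLED constant to turn the extension off will not compile, and a literal 0 gets `BAD_FUNC_ARG`. Either add the define together with matching handling in the wrappers, or state the gap above the block with a comment such as `/* TLSEXT_max_fragment_length_DISABLED is not supported */`.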
@@ -1942,7 +1942,10 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp);
 WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);
-
+WOLFSSL_API int wolfSSL_set_tlsext_max_fragment_length
+ (WOLFSSL *s, unsigned char mode);
+WOLFSSL_API int wolfSSL_CTX_set_tlsext_max_fragment_length
+ (WOLFSSL_CTX *c, unsigned char mode);
 WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
 WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void);
 WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
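Review bot: The two prototypes added to wolfssl/ssl.h carry none of the `HAVE_MAX_FRAGMENT` / `NO_WOLFSSL_CLIENT` guards that wrap their definitions in src/ssl.c, as far as this hunk shows; any enclosing `#if` is outside it. In a build with OPENSSL_EXTRA but without HAVE_MAX_FRAGMENT, or with NO_WOLFSSL_CLIENT, callers would compile against the declarations and the `SSL_*` macros and then fail at link time, and the OPENSSL_EXTRA branch of test_wolfSSL_UseMaxFragment, which takes the wrappers' addresses, looks exposed to the same case. Wrapping the declarations in `#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_WOLFSSL_CLIENT)` would match the definitions. The hunk also drops the blank line after the OCSP status prototypes; a comment such as `/* TLS max_fragment_length extension (OpenSSL compat) */` above the new pair would keep the grouping readable.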