authorStephen Farrell <stephen.farrell@cs.tcd.ie>2024-07-04 18:34:47 +0200
committerTomas Mraz <tomas@openssl.org>2024-07-10 11:44:39 +0200
commit21dfb975968d73b9cd40835d2cd436602079e853 (patch)
treec0f4f0e52a8d7e98cdea371a7ae812c4727d6452 /ssl/ssl_conf.c
parentAdd documentation for deprecated CMAC_CTX functions (diff)
Extend TLSv1.3 record layer padding API calls
Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages and application data messages. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24796)
Diffstat (limited to 'ssl/ssl_conf.c')
-rw-r--r--ssl/ssl_conf.c34
1 files changed, 29 insertions, 5 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 77de00542b..0deae1604f 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -649,20 +649,44 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}
+/*
+ * |value| input is "<number[,number]>"
+ * where the first number is the padding block size for
+ * application data, and the optional second is the
+ * padding block size for handshake messages
+ */
static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 0;
- int block_size = atoi(value);
+ size_t block_padding = 0, hs_padding = 0;
+ char *commap = NULL, *copy = NULL;
+ copy = OPENSSL_strdup(value);
+ if (copy == NULL)
+ return 0;
+ commap = strstr(copy, ",");
+ if (commap != NULL) {
+ *commap = '\0';
+ if (*(commap + 1) == '\0') {
+ OPENSSL_free(copy);
+ return 0;
+ }
+ hs_padding = (size_t) atoi(commap + 1);
+ }
+ block_padding = (size_t) atoi(copy);
+ if (commap == NULL)
+ hs_padding = block_padding;
+ OPENSSL_free(copy);
/*
- * All we care about is a non-negative value,
+ * All we care about are non-negative values,
* the setters check the range
*/
- if (block_size >= 0) {
+ if (block_padding >= 0 || hs_padding >= 0) {
if (cctx->ctx)
- rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);
+ rv = SSL_CTX_set_block_padding_ex(cctx->ctx, block_padding,
+ hs_padding);
if (cctx->ssl)
- rv = SSL_set_block_padding(cctx->ssl, block_size);
+ rv = SSL_set_block_padding_ex(cctx->ssl, block_padding, hs_padding);
}
return rv;
}
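Review bot: The guard `if (block_padding >= 0 || hs_padding >= 0)` in cmd_RecordPadding is always true now that both variables are `size_t`, so the "non-negative" check the comment describes no longer exists, and a negative input such as `-1` reaches the setters as a very large unsigned value after the `(size_t) atoi(...)` casts. `atoi()` also reports no errors, so a non-numeric or empty field (`abc`, `16,x`, `,16`) parses as 0 and is passed on; if 0 means "no padding" in the setters (not shown in this hunk), a typo in the configuration would silently switch off this traffic-analysis protection instead of failing the command. I would parse each field into a signed `long` with `strtol()`, reject a field with no digits, trailing characters, a range error or a negative value, and only then convert to `size_t`, as sketched below; the file would need `errno` in scope for the range check.

```c
static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
{
    int rv = 0;
    long block_padding = 0, hs_padding = 0;
    char *commap = NULL, *copy = NULL, *end = NULL;

    /* ... unchanged: OPENSSL_strdup(value) and its NULL check ... */

    commap = strstr(copy, ",");
    if (commap != NULL)
        *commap = '\0';

    /* Fail closed: every field must be a complete, non-negative decimal. */
    errno = 0;
    block_padding = strtol(copy, &end, 10);
    if (end == copy || *end != '\0' || errno == ERANGE || block_padding < 0)
        goto out;

    if (commap != NULL) {
        hs_padding = strtol(commap + 1, &end, 10);
        if (end == commap + 1 || *end != '\0' || errno == ERANGE
            || hs_padding < 0)
            goto out;
    } else {
        hs_padding = block_padding;
    }

    /* ... unchanged: setter calls, passing (size_t)block_padding and (size_t)hs_padding ... */

 out:
    OPENSSL_free(copy);
    return rv;
}
```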