Added support for ClientHello padding (RFC 7685) and fixed buffering bug.

[BearSSL] / inc / bearssl_ssl.h

diff --git a/inc/bearssl_ssl.h b/inc/bearssl_ssl.h
index 24d773c..a992319 100644 (file)
--- a/inc/bearssl_ssl.h
+++ b/inc/bearssl_ssl.h
@@ -1020,6 +1020,14 @@ typedef struct {
         */
        br_ssl_engine_context eng;
 
         */
        br_ssl_engine_context eng;
 

+       /*
+        * Minimum ClientHello length; padding with an extension (RFC
+        * 7685) is added if necessary to match at least that length.
+        * Such padding is nominally unnecessary, but it has been used
+        * to work around some server implementation bugs.
+        */
+       uint16_t min_clienthello_len;
+

        /*
         * Implementations.
         */
        /*
         * Implementations.
         */


@@ -1081,6 +1089,15 @@ br_ssl_client_set_ecdsa(br_ssl_client_context *cc, br_ecdsa_vrfy iecdsa)
        cc->iecdsa = iecdsa;
 }
 
        cc->iecdsa = iecdsa;
 }
 

+/*
+ * Set the minimum ClientHello length (RFC 7685 padding).
+ */
+static inline void
+br_ssl_client_set_min_clienthello_len(br_ssl_client_context *cc, uint16_t len)
+{
+       cc->min_clienthello_len = len;
+}
+

 /*
  * Prepare or reset a client context for connecting with a server of
  * name 'server_name'. The 'server_name' parameter is used to fill the
 /*
  * Prepare or reset a client context for connecting with a server of
  * name 'server_name'. The 'server_name' parameter is used to fill the