Add ssl_get_record_expansion()

2014-10-14 17:47:31 +02:00 · 2014-10-14 17:47:31 +02:00 · 9b35f18f66
commit 9b35f18f66
parent e63582a166
4 changed files with 56 additions and 0 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -1856,6 +1856,18 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
 */
 const char *ssl_get_version( const ssl_context *ssl );

+/**
+ * \brief          Return the (maximum) number of bytes added by the record
+ *                 layer: header + encryption/MAC overhead (inc. padding)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum record expansion in bytes, or
+ *                 POLARSSL_ERR_FEATURE_UNAVAILABLE if compression is enabled,
+ *                 which makes expansion much less predictable
+ */
+int ssl_get_record_expansion( const ssl_context *ssl );
+
 #if defined(POLARSSL_X509_CRT_PARSE_C)
 /**
 * \brief          Return the peer certificate from the current connection
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5476,6 +5476,40 @@ const char *ssl_get_version( const ssl_context *ssl )
    }
 }

+int ssl_get_record_expansion( const ssl_context *ssl )
+{
+    int transform_expansion;
+    const ssl_transform *transform = ssl->transform_out;
+
+#if defined(POLARSSL_ZLIB_SUPPORT)
+    if( ssl->session_out->compression != SSL_COMPRESS_NULL )
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+
+    if( transform == NULL )
+        return( ssl_hdr_len( ssl ) );
+
+    switch( cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
+    {
+        case POLARSSL_MODE_GCM:
+        case POLARSSL_MODE_CCM:
+        case POLARSSL_MODE_STREAM:
+            transform_expansion = transform->minlen;
+            break;
+
+        case POLARSSL_MODE_CBC:
+            transform_expansion = transform->maclen
+                      + cipher_get_block_size( &transform->cipher_ctx_enc );
+            break;
+
+        default:
+            SSL_DEBUG_MSG( 0, ( "should never happen" ) );
+            return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    return( ssl_hdr_len( ssl ) + transform_expansion );
+}
+
 #if defined(POLARSSL_X509_CRT_PARSE_C)
 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
 {
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -1099,6 +1099,11 @@ int main( int argc, char *argv[] )
    printf( " ok\n    [ Protocol is %s ]\n    [ Ciphersuite is %s ]\n",
            ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );

+    if( ( ret = ssl_get_record_expansion( &ssl ) ) >= 0 )
+        printf( "    [ Record expansion is %d ]\n", ret );
+    else
+        printf( "    [ Record expansion is unknown (compression) ]\n" );
+
 #if defined(POLARSSL_SSL_ALPN)
    if( opt.alpn_string != NULL )
    {
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1704,6 +1704,11 @@ reset:
                ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
    }

+    if( ( ret = ssl_get_record_expansion( &ssl ) ) >= 0 )
+        printf( "    [ Record expansion is %d ]\n", ret );
+    else
+        printf( "    [ Record expansion is unknown (compression) ]\n" );
+
 #if defined(POLARSSL_SSL_ALPN)
    if( opt.alpn_string != NULL )
    {